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Oracle Changes Strategy, jf 
Embraces App Integration (| 


Midyear upgrade will include built-in hooks 
to homegrown systems and rival packages 


BY MARC L. SONGINI 
SAN DIEGO 


But at the 
vendor’s Apps- 
World confer- 
ence here, Ora- 
cle previewed a z 
planned upgrade | 
of its E-Business 
| Suite lli applications that will 
| include enhancements de- 
| signed to simplify integration 
with homegrown and thir 
| party software. It also released | 
a set of tools that can be used 
| to pull customer data from Ili 
and other systems into a sin- 
| gle repository. 
| Oracle CEO Larry Ellison 
| downplayed the idea that his 
| company is shifting its stance 
Oracle, page 41 | 


Users Unhurt 


| which fell behind PeopleSoft 
| Inc. in the business applica- 
Oracle Corp. last week detailed | tions sales race when People- 
changes it’s making to regain Soft bought J.D. Edwards & 
the No.2 spot inthe business | Co. last summer. Until now, 
applications market, including | Oracle officials had lobbied 
a newfound enthusiasm for | hard to convince users 
helping IT managers tie its should install monolithic 
software to other systems. | tems combining the compa- 
The integration push is a ’s database, applications and 
shift in strategy for Oracle, software. 


Emcor Saves on Sarb-Ox 


Shuns packaged apps, 
builds Notes: system 
for Sarbane S- Oxley 


at some of its operating units 
next month. The technology is 
due to be rolled out company- 
wide by year’s end. 





BY THOMAS HOFFMAN 
NORWALK, CONN 
Emcor Group Inc. is develop- 
ing a Notes-based system to 
track its Sarbanes-Oxley com- 
pliance — a low-cost project 
that it chose as an alternative 
to a potential six-figure invest- 
ment in commercia! software 
and IT consulting services. 
Emcor, a $4 billion company 
that installs mechanical and 
electrical systems in commer- 
cial buildings and offers a vari- 
ety of facilities outsourcing 
services, plans to start using 
the Notes system in test mode 


| 
| 
| 
| 
| 
| 
| 
| 


f CIO Joseph Puglisi says the new 
m system will cost significantly less 
f than buying off-the-shelf software. 


Emcor executives last week 

said they decided to take 2 
“build” rather than a “buy” ap- 

proach after evaluating during 


Emcor, page 41 | 
| antivirus limitations 
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But spread did show 


BY JAIKUMAR VIJAYAN 


| Companies that followed 


long-recommended e-mail se- 


curity practices had little to 


from Mydoom’s on- 
ght last week. But the 
t which the e-mail- 
borne virus spread highlight- 






| ed the limitations of current 






antivirus methodologies, 





| users anda 


Mydoom, also known as 


| Shimgapi and Novarg, 

| spreading last Monday 

| e-mail attachment with vari- 
| Ous names and extensions, 


.Scr, .zip and 
ted, the virus 


including .e 
.pif. When exe 


| sends copies of itself to other 


e-mail addresses stored in 


Mydoom, page 12 |: 
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A worker in China sits atop a pile of junked PCs. 





WHEN TAKING YOUR COMPANY on the IP telephony 
road, the right traveling companion is essential. 
Avaya Global Services will not only get you going in 
the right direction, but we’ll guide you the whole 
way. For starters, we develop a comprehensive 


network plan that includes a multivendor, 


multitechnology IP readiness assessment 
This tells us what we need to know to help 
you avoid surprises during implementation and 
maximize security. We’ll get you up and running 
easily and seamlessly. And you can continue to 


count on Avaya Global Services to manage and 


With 


~ AVAYA GLOBAL SERVICES 


reach 


AVAYA 


a higher plane 
of communication 


constantly monitor your entire network, using 
EXPERT Systems™ Diagnostic Tools, for example, 
that remotely resolve 96% of all system alarms: 
Go with Avaya, and your competitors will be 
eating your dust. Visit www.avaya.com/sidecar 


or call 866-GO AVAYA 


Services 


at your side, migration to IP telephony can be a 


SMOOOOTH RIDE. 





Thankfully that cost is low with the new Firebox: X — the 
integrated, expandable network security appliance that delivers 
the highest security at the lowest total cost of ownership. 


Firebox x 


The Security You Really Need.” WotchSratiey 


11 Reality Checks to www.watchguard.com/cwcya 
Help the CEO ‘CYA 1-877-732-8780. 
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B2B Survivors 
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In the Management section: The few online ex- 
changes that survived the dot-com disaster were 
industry consortia with patient, deep-pocketed 
members. Now these supporters are pressuring 
the exchanges to stop being cost centers. Page 27 
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The DHS draws criticism 
from private sector reps for 
making cybersecurity alert 
plans without them. 


Microsoft encourages NT 4 
Server users to migrate to 
newer versions of Windows, 
offering tools, labs and dis- 
counted training. 


Alaska Airlines tires of wait- 
ing for Sabre to migrate off 
aging mainframes and shifts 
to a Linux-based online fare- 
searching system. 


EDS hopes a team of former 
CIOs will help it compete in 
delivering business-transfor- 
mation services. 


The Eclipse development 
framework created by IBM 
gains an independent, non- 
profit oversight organization. 


10 IBM releases a high-end 
NAS gateway device to link 
file servers to SANs. 


} NASA develops a SAN to 
store and back up data from 
two Mars rovers. 


Some Lotus users are wary 
of IBM’s new Workplace 
direction. 


3. The TVA is installing a hosted 
system to manage the hiring 
of its IT contractors and other 
temporary workers. 


13 Microsoft adds report author- 
ing and distribution functions 
to its SQL Server database, 
but users may still need third- 
party tools to create reports. 


19 Toxic Legacy. The costs of 
disposing of outdated IT 
equipment are rising — and 
so are the liability risks for 
companies that don’t get rid 
of e-waste properly. 


23 QuickStudy: ETL. Extract, 
transform and load software 
enables companies to move 
data from multiple sources 
and then reformat and cleanse 
it before loading it into anoth- 
er repository or operational 
system. 


24 Security Manager’s Journal: 
Developer Tool Kit Raises 
Backdoor Alarms. When 
antivirus software detects 
backdoor code embedded in 
critical applications, Vince 
Tuesday tracks the source to 
a development tool kit. 


MANAGEMENT 


29 Dual Curses. Two scourges — 
viruses and spam — are the 
most vexing e-mail issues for 
CIOs, according to a survey 
conducted by Ferris Research 
and Computerworld. And reg- 
ulatory compliance isn’t far 
behind. 


30 A Tough Sell. Multimillion- 
dollar medical imaging sys- 
tems are hard to sell to cash- 
strapped hospitals, but some 
users say they’ve seen definite 
benefits. 


32 Think Tank: Brain Food for IT 
Executives. Who should be in 
charge of business/IT align- 
ment? It’s the CEO, not the 
CIO, argues Gopal Kapur. 


App-Layer Battleground 

In the Technology section: WebCohort CEO 
Shlomo Kramer says application-layer attacks 
are an increasingly serious problem. He cites 
the security vulnerabilities he encountered in 
some 300 penetration tests as proof. Page 22 





OPINIONS 


8 On the Mark: Mark Hall has 
dinner with some chief infor- 
mation security officers and 
listens to a few of their pet 
peeves about security vendors 
and outsourcing. 


Maryfran Johnson suggests 
that companies stop filling 
their basements with obsolete 
technology and start planning 
IT recycling programs. 


Pimm Fox hopes Google leads 
the march away from depend- 
ing on big Wall Street firms to 
play in the IPO market. 


Michael Gartenberg argues 
that consumer technology 

is rampant inside companies 
and warns that you need to 
embrace and manage it. 


Paul A. Strassmann says that 
for all its cost savings, out- 
sourcing can signal trouble 
for the companies doing it. 


34 Paul Glen says changing 
organizational behavior, like 
breaking a bad habit, requires 
small steps, visible signs of 
progress and patience. 


42 Frankly Speaking: Frank 
Hayes thinks it’s pretty simple 
to know what users want from 
IT. It’s probably the same as 
what you want for them. 
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Mainframe’ s . Midlife Crisis 


It’s time for companies to rethink how they 
secure the mainframe, writes Rob van Hobo- 
ken, founder of Consul Risk Management. 
He offers tips on keeping their data safe. 


© QuickLink 43510 
City-Net: The Future of Wireless 


MOBILE/WIRELESS: Imagine a wireless mesh- 
ing network that connects emergency work- 
ers, traffic signals, public transit vehicles, 
information kiosks, video cameras and other 


city resources. @ QuickLink 44370 


Blogosphere 
Don’t miss our editors’ weblogs on security, 
IT careers, operating systems, mobile/wire- 


less and more. @ QuickLink 24000 
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Throughout each issue of 

Computerworld, you'll 
see five-digit Quicklink codes 
pointing to related content on 
our Web site. Also, at the end of 
each story, a QuickLink to that 
story online facilitates sharing it 
with colleagues. Just enter any 
of those codes into the Quick- 
Link box, which is at the top of 
every page on our site. 
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University Hit by 
Network Intrusion 


The University of Georgia said the 
FBI and state law enforcement of- 
ficials are investigating a server 
break-in that may have exposed 
the personal data of 31,000 stu- 
dents and applicants. An internal 
probe showed that the intruders 
also used the school’s network to 
scan the Internet for other sys- 
tems to attack. The Athens-based 


university said it took the compro- | 


mised server off-line on Jan. 20. 


Microsoft Delays 
Browser Changes... 


Microsoft Corp. said it has put on 
hold a plan to modify Windows 
and its Internet Explorer Web 
browser in response to a ruling in 
a patent-infringement lawsuit filed 
by Eolas Technologies Inc. and the 
University of California. Microsoft 


announced the plan in October but | 


now intends to appeal the decision 
and is awaiting a ruling by U.S. of- 
ficials on the patent’s validity. 


.. .But Updates IE 
To Block Phishing 


Separately, Microsoft said it will 
modify Internet Explorer in an ef- 
fort to block e-mail “phishing” 
scams that try to convince PC 
users to go to spoofed Web sites 
and disclose personal data. The 
company is developing an update 
that will prevent IE from accepting 
URLs that use the @ symbol to hide 
the true addresses of Web pages. 


25 HL PRS RN ORE EL MEARE 


Short Takes 


DEUTSCHE BANK AG said it has 
agreed to outsource its worldwide 
purchasing and accounts-payable 
operations to ACCENTURE LTD., 
which will provide new procure- 
ment systems as part of the deal. 
Financial terms weren’t disclosed. 
. .. PEOPLESOFT INC. reported a 
$17.4 million profit on revenue of 
$685.2 million for last year’s 
fourth quarter, the first full quar- 
ter since it bought J.D. Edwards 
& Co. Sales of new software li- 
censes totaled $185.4 million. 


NEWS 


New DHS Cyber Alert 
System Draws Friendly Fire 


| Private-sector organizations say they 
were left out of the loop in planning 





| BY DAN VERTON 


| WASHINGTON 





HE LEADERS OF the 
security information 
sharing organiza- 
tions within two of 
the nation’s critical-infrastruc- 
ture sectors are criticizing the 
U.S. Department of Homeland 
Security for announcing a new 
cyber alert system without 
better framing the role of the 
private sector. 
In interviews with Comput- 


| erworld last week, senior offi- 
| cials from the Information 


Sharing and Analysis Centers 
(ISAC) within the IT and fi- 
nancial services industries 
said they learned of the new 
DHS National Cyber Alert 
System from media reports 
that appeared shortly after the 
announcement was made last 
Wednesday [QuickLink 
44367]. The officials said they 
have little or no idea what, if 
any, new capabilities the alert 
system offers, what’s expected 


| of the ISACs or how the pri- 
| vate sector is supposed to in- 
| tegrate and coordinate with 

| the DHS on the alerts. 


At Odds 


| “The government wanted to 


know how it could get [securi- | 


ty information] to everybody, 


| but it didn’t ask us how we 
| could do that,” said Pete Allor, 


operations director for the IT 


| sector’s ISAC. 


Amit Yoran, director of the 


| DHS’s National Cyber Securi- 


ty Division, said the new alert 
system “will integrate very 


| closely with ISAC functions, 


[and alerts] will be provided 


| to the ISACs and in many cas- 


es coordinated with the ISACs 


BIOSURVEILLANCE 
Bush's budget for 2005 allocates $274 mil- 
lion for an antibioterrorism program: 


eg QuickLink 44418 


www.computerworld.com 


| 





in advance.” That integration 


| will be made possible by the 


U.S. Computer Emergency 


| Readiness Team, he said. 


That was news to Suzanne 
Gorman, chairman of the fi- 


| nancial services sector’s ISAC, 
| ° 
who said she and others were 


never briefed on what capabil- 
ities the US-CERT operation 


provides. 


“We talk about partnerships, 
but it would have been really 
nice if they had a conversation 


| with us ahead of making this 


announcement,” said Gorman. 
“The way they did this was 
poor, to say the least.” 

In response, Yoran said that 


| the DHS did in fact conduct 
| discussions with the various 
ISACs on what the depart- 
ment could do to increase 
| awareness and that the level of 
interaction will increase as the 
system matures. 
However, Yoran said, the 
goal of the new system is to 
| give “all users of cyberspace 
the information they need to 
protect themselves.” He noted 
that the DHS alert system 
doesn’t provide any sector- 
specific information. Instead, 
it offers a national-level view, 
which “even all of the ISACs 
don’t cover,” Yoran said. 
Despite the agency’s char- 
acterization of the new sys- 
tem as “a fundamental build- 
ing block of the public/pri- 





vate partnership,” both Allor 


Microsoft Aims to Prevent 
NT Users’ Shift to Linux 


BY CAROL SLIWA 

Support for Windows NT Server 4.0 
is due to cease at year's end, but the 
many users of the aging Microsoft 
Corp. operating system will find plen- 
ty of options as they plot 

their migration strategies. 

IBM two weeks ago 
said it would offer free mi- 
gration classes and some 
discounts on software and 
services for those who opt 
to move from Microsoft 
products to IBM enterprise 
software running on Linux 
[QuickLink 44175}. 

Not to be outmarketed, Microsoft 
last week promoted its improved mi- 
gration tools, prescriptive guidance, 
discounted training, a freely avail- 
able “online concierge” and other 
services. 

In an interview last week, Jim 
Hebert, general manager of the 
Windows Server product manage- 


What did you think of IBM’s 
program to entice Windows NT 
users to Linux? We don’t know 
much more about what they're doing 
than what we read in the papers, but 
from the short list of what 
they said that they were 
going to be offering cus- 
tomers, we actually felt 
pretty good because we've 
been offering those same 
opportunities to customers 
for about 24 months now. 
Soa short version of what 
we think about this is imi- 
tation is the most sincere 
form of flattery. 


Linux is drawing much more 
attention today. Will Microsoft 
need to do more? We are doing 
more. ... We've been continuing to 
invest in our tools and making sure 
that we've got partners. And the 
most important thing for most of our 
customers when they're thinking 
about potentially moving platforms is 


www.computerworld.com 


& We talk about 
partnerships, 

| but it would have 

been really nice 

if they had a con- 

versation with us 

ahead of making 

this announcement. 


| SUZANNE GORMAN, CHAIRMAN, 
FINANCIAL SERVICES SECTOR ISAC 


and Gorman said it seems 
to be geared more toward 
home users and the small- 
business community than to- 
ward the midsize and large 
companies that make up the 
bulk of the nation’s critical 
infrastructure. 

From a critical-infrastruc- 
ture protection perspective, 
“T’m not clear on how this is 
going to work,” said Gorman. 
“There seems to be a lot of du- 
plication of effort.” @ 44425 





whether the software they need to 
run their business, not just the oper- 
ating system, is available to them on 
that platform. We've made huge in- 
vestrnents over the years to build the 
largest ecosystem of software avail- 
able for any platform that | know of. 


How many users are still on 
Windows NT Server 4.0? There 
are parts of our business that we 
don’t talk about publicly, and this is 
one of them. 


Are more NT users moving to 
Windows 2000 or Windows 
Server 2003? We see customers 
who already were halfway through 
an upgrade from NT 4 to Windows 
2000 continuing on that front, and 


port for NT Server will be ex- 
tended beyond the end of the 
year? No. 
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Alaska Airlines Switches to 
Linux-based Fare Searching 


Stays with Sabre for reservations but 
decides not to wait for other functions 


BY DAN VERTON 
Alaska Airlines last week said 
it has completed the migration 
of its online travel planning 
and pricing engine to an Intel- 
based system running Linux. 

The move represents a shift 
of some functions away from 
the mainframe-based system 
provided by Southlake, Texas- 
based Sabre Holdings Corp., 
said Steve Jarvis, vice presi- 
dent of e-commerce and dis- 
tribution at Seattle-based 
Alaska Airlines. 

In September 2001, Sabre 
announced plans to migrate 
off the aging IBM mainframe 
system to one based on fault- 
tolerant servers from Compaq 
Computer Corp., now part of 
Hewlett-Packard Co. [Quick- 
Link 23032]. Sabre had said it 
would take at least three years 
to complete the migration. But 
that wasn’t good enough for 
Jarvis, who decided to move 
the itinerary-planning and 
fare-searching functions to the 
Linux-based QPX system de- 
veloped by ITA Software Inc. 
in Cambridge, Mass. 

“We couldn’t wait on Sabre,’ 
he said. “ITA’s algorithms are 
widely regarded as the best in 
the industry, and we needed 
to move.” 


Facing the Competition 
Kathryn Hayden, a spokes- 
woman for Sabre, acknowl- 
edged Alaska’s move to ITA 
for Web pricing functionality 
but said the company recent- 
ly renewed its contract with 
Sabre for reservations and de- 
parture control. 

Sabre has been migrating 
airlines to its new system 
since the end of last year, and 
the effort “has gone very suc- 
cessfully,” said Hayden. She 
said Sabre isn’t concerned 
about airlines moving to ITA; 
just last week Sabre intro- 
duced a component-based of- 
fering called SabreSonic that 





includes modules for reserva- 
tions, check-in, ticketing, in- 
ventory, shopping and pricing, 
and a Web-based booking tool. 
Jarvis said that while Alaska 
Airlines expects the ITA soft- 
ware to reduce costs com- 
pared with Sabre, the real dri- 
ver for the shift was that ITA’s 
technology will enable the air- 
line to make its Web site more 
of a revenue generator. “We 
plan to grow our [online] rev- 
enue to $1 billion by 2005,” 
said Jarvis. The airline cur- 


rently earns 30% of its $600 
million in passenger revenue 
through its Web site. 

QPX uses XML technology 
and a component-based archi- 
tecture that scales linearly, 
said Jeremy Wertheimer, ITA’s 
founder and CEO. “It process- 
es and confirms availability 
for [trip] pricing in less than 
one-tenth of a second” by run- 


ning algorithms that more effi- | 


ciently analyze airfares and 
routing options, he said. 


“This is a huge improvement |} 


in the number of itineraries we 


can process,” said Jarvis. When | 


Alaska Airlines was using the 
mainframe-based Sabre sys- 


EDS Pins Hopes on 
Team of Ex-ClOs 


Strategy focuses 
on rivals, business 
transformation 


BY PATRICK THIBODEAU 
PLANO 


TEXAS 

After a rough year of layoffs, 
lawsuits and lackluster rev- 
enue, Electronic Data Systems 
Corp. officials claimed last 
week that the worst is behind 
them. Now they plan to grow 
the company by offering busi- 
ness transformation services 
led by a management team 
made up of ex-CIOs. 

In adopting a strategy that 
goes beyond providing ser- 
vices for companies that want 
to outsource their IT opera- 
tions, EDS aims to more di- 
rectly challenge IBM and 
Hewlett-Packard Co., which 
are taking similar business- 
transformation approaches. 

At an analyst meeting here 
last week, EDS officials said 
the company’s strengths lie in 
its emphasis on open stan- 
dards, depth of technical ex- 
pertise and relatively agnostic 
approach to technology com- 
pared with IBM and HP. 


| 





An executive at Canadian 
Imperial Bank of Commerce 
in Toronto, which outsources 
its human resources opera- 
tions to EDS, said she found 
the new direction reassuring. 

It offers “much more clarity 
as to where we fit as a [busi- 
ness process outsourcer] in 
their strategic direction,” said 
Joyce Phillips, execu- 
tive vice president of 
human resources at 
CIBC. “That’s what I 
want to hear.” 

Analysts said EDS 
needed to change to 
keep pace with com- 
petitors. 

“T think they are 
trying to rationalize 
their broad range of 
offerings,” said John 
McCarthy, an analyst 
at Stamford, Conn.- 
based Gartner Inc. “Every- 
body is coming out of this 
slowdown in IT trying to fig- 
ure out, How do we reinvigo- 
rate ourselves? What’s our val- 
ue proposition?” 

EDS CEO Mike Jordan, who 
assumed that position last 
year, said he’s counting on a 





FELD: EDS 
Reem Celis 
customer-centric 
systems that are 
urea 
reusable parts.” 


tem, it often had to make more 
than 40 different data requests 
to produce one screen of itin- 
erary options. “Now we do it 
all with one trip to the data 
source,” Jarvis said. 

Changes that enabled the 
airline to customize end users’ 
online experience have re- 


new management team to im- 
prove customer relationships. 
It counts the following among 
its members: 

w Charlie Feld, former CIO 
at Frito-Lay Inc., who became 
executive vice president of EDS 
portfolio management after 
EDS bought Feld’s consulting 
firm, The Feld Group, last 
month. 

m Steve Schuckenbrock, 
who also worked at The Feld 
Group and was previously a 
senior vice president of IT at 
PepsiCo Inc. Schuckenbrock is 

now executive vice 
president for global 
sales and client solu- 
tions at EDS. 

g David Clementz, 
former CIO and pres- 
ident of Chevron- 
Texaco Information 

A Technology Co., who 
is now executive vice 
president for service 
delivery at EDS. 

Based on the be- 
lief that customers 
want to narrow the 
breadth of technologies in 
their IT operations, EDS said 
it intends to develop deeper 
relationships with a smaller 


number of technology vendors | 


and have more of a “bias” to- 

ward certain products in its 

customer recommendations. 
“By tightening alliances 


a 


I ALASKA AIRLINES’ new system lets it process itineraries more quickly. 


mained invisible, and that’s an 
important lesson for anybody 
thinking about a similar pro- 
ject, he said. “Don’t try to em- 
bed an entirely new user ex- 
perience with a platform 
change,” Jarvis said, noting 
that that can confuse users and 


drive them away. @ 44428 


with the Suns and Dells... 
we're trying to get a much bet- 
ter look ... into what’s coming 
| three or five years down the 
road,” said Schuckenbrock. 
EDS officials also noted that 
they want a deeper relation- 
ship with Microsoft Corp. 

In addition, EDS will work 
to deliver customer-centric 
systems that are “made out of 
reusable parts,” an approach 
EDS hasn’t taken in the past, 
said Feld. For instance, one 

| customer may use an ERP sys- 

| tem from PeopleSoft Inc., and 

| another may be an SAP AG 

| user. But both might be able to 

| use the same business intelli- 

} gence layer and Web front end. 

| EDS in October announced 

| plans to cut 2,500 jobs, bring- 

| ing last year’s total layoffs to 

| 5,200, or about 4% of its work- 

| force of 135,000 [QuickLink 
42473]. At that time, EDS post- 

ed a net loss of $600,000 for 

| its third quarter, while rev- 

| enue rose 6% to $5.24 billion. 

The company is also facing 

| a class-action shareholder 

| lawsuit alleging that two for- 
mer top executives knowingly 

| misrepresented company 

earnings and the health of the 

multibillion-dollar Navy/Ma- 

| rine Corps Intranet contract 

| [QuickLink 44087]. EDS offi- 

| cials declined to discuss the 

| contract last week. @ 44405 
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Siemens Seeks to 
Lower IT Spending 
Siemens AG has launched a 
technology consolidation pro- 
gram in a bid to cut its $4.7 bil- 
lion IT budget by more than 20% 
over the next three years. Ed- 
mundo Ruiz, vice president of 
the corporate information and 
operations groups, told the IDG 
News Service that Siemens 
wants to lower the number of 
applications and devices used in 
its worldwide operations. 


BN AIEEE Be ORNS TEMPERS 


SAP Offers Deals 
On R/3 Upgrades 


SAP AG is offering pricing dis- 
counts to entice R/3 users to up- 
grade to the latest release of its 
ERP software. The company said 
users can apply up to 75% of 
the price they paid for their cur- 
rent releases against the cost of 
a mySAP ERP license. It also 
dropped R/3 from its price list at 
the start of the year and plans to 
end mainstream support ser- 
vices for the software by 2009. 


PE EIST ROR PERE 2D IOS ETT RL TNE BI 


Sun Preps Java 
Desktop Release 


Sun Microsystems Inc. said it 
plans by midyear to release the 
second version of its Java Desk- 
top System software, with addi- 
tional tools for centrally manag- 
ing client systems. But the up- 
grade will cost more. Sun now 
sells the software at a promo- 
tional price of $50 per user an- 
nually but said the upgrade will 
cost $100 per user. 


Microsoft Updates 
Word to Fix Bugs 


Microsoft Corp. released an up- 
date of Word 2003 in an effort 
to fix several bugs in the word 
processing software, which be- 
came available in October. One 
of the most serious glitches can 
cause Word 2003 to freeze or 
crash when users are working on 
documents that contain OLE ob- 
jects, Microsoft said. 


| 
| 
| 
| 


| 
| 
| 
| 


MARK HALL « ON 


THE MARK 


Vendor Conflicts Bug 
Security Chiefs ... 


... who believe that incompatibility among security products impedes their 
efforts to lock down their systems. Vendors “need to open up their se- 
curity model, so companies can apply the product to their own securi- 
ty needs,” argues Allen Kerr, vice president of IT infrastructure and 
information security at Premera Blue Cross in Mountlake Terrace, 
Wash. Kerr points to vendors that claim, for example, that a product is 


compliant with the Health Insurance 
Portability and Accountability Act, which 
is good. But that doesn’t help him when 
he needs to extend the product to be 
compliant with patient health informa- 
tion strictures set by individual states. “I 
say, open up the security model so I can 
be compliant across the board,” he con- 
cludes. Phil Attfield, an IT security con- 
sultant in Fall City, Wash., agrees. “Secu- 
rity is infrastructure now,” he says, “and 
it needs to have policy enforcement stan- 


dards set across the board.” Unless vendors | 


open up their APis, that’s not possible. Ron 
Moritz, chief security strategist at Com- 
puter Associates International Inc., 
acknowledges the prob- 
lem and says it will take 
until 2006-07 for the ap- 
plication programming in- 
terfaces in CA’s eTrust se- 
curity applications to be 
available to users for cus- 
tomization. ® Another 
brewing security issue 
that worries Kerr and oth- 
er corporate information se- 
curity heads who were at a 
CA-sponsored dinner at 
Safeco Field in Seattle last 
week is outsourcing. 
“What people worry about 
is securing the transmis- 





On March 15, Catalyst Sys- 
tems Corp. in Glencoe, Ill., 
will ship its Openmake 6.3 
build management tool. The 
upgrade lets application de- 
velopment managers better 
control the build process. The 
new version will now run on 
WebSphere and Oracle appli- 
rea ol ee Ry (ele 
Tomcat, an open-source 
Taam eRe ToL t Ones 
eR SM OL LOle lal 


sion of data,” he says. “But that’s the sim- 
plest part.” Karen Worstell, chief infor- 


| mation security officer and vice presi- 


dent of IT risk management at Redmond, 


| Wash.-based AT&T Wireless Services 


Inc., says there’s “no difference between 


| Tukwila, [Wash.,] and Bangalore” in the way 


IT managers need to treat their out- 


| sourcers. However, she suggests that you 


develop service-level agreements that 


| specify how the information can be used 


by outsiders, who can see it and whether 
work on an application can be subcon- 
tracted out. “And you need to monitor or 
audit the outsourcer once or twice a 


| year,” Worstell advises. She says she be- 


lieves that the Sarbanes- 
Oxley Act changed the 
way IT has to think about 
outsourcing deals. “Now 
you can outsource the 
work, but not the respon- 
sibility,” she wisely says. 
= The mainframe gravy train 
keeps getting longer for At- 
tachmate Corp. The Belle- 
vue, Wash.-based compa- 
ny will release its MyExtra 
Smart Connector Main- 
frame Edition late this 
month. The new version 
of the software, which al- 
ready exists as a server- 





based product outside the mainframe, 
now runs directly in an OS/390 or zSeries 
environment. Plus, the latest version will 
add VSAM and DB2 connectors to its IMS 
and CICS links. Attachmate Vice Presi- 
dent Markus Nitschke says application 
writers can use the mainframe-based ver- 


| sion to tie information inside disparate data- 


bases running on the big iron with a single 
SQL join command. And, he boasts, per- 
formance jumps at least 100 times by run- 
ning the connectors directly on the main- 
frame as opposed to on an external server. 
= Once those mainframe-based programs 
are humming along, you can goose those 
Web-based applications with an intelligent 
queuing system from Warp Technology 
Holdings Inc. in New York. Warp Spi- 
derQ, which ships later this quarter, can 
manage hundreds of thousands of in- 
bound page requests, as opposed to a typ- 
ical Web server that bogs down at around 
2,000 requests. Chief Technology Officer 
Greg Parker claims that companies can 


| avoid throwing more hardware at perfor- 


mance problems by using SpiderQ and 
that it’s ideal for Web sites that suffer in- 
termittent demand spikes. It can also be a 
weapon against denial-of-service attacks, 
he says. Maybe he should give SCO a call. 

= Many mainframe developers are familiar 
with Relativity Technologies Inc.’s Cobol, 
PLI and other language tools. Now the 
Raleigh, N.C.-based company is opening 
its software development environment to 
third-party products. The first two com- 
panies to sign on are Trinity Millennium 
Group Inc. in San Antonio and Software 
Migrations Ltd. in Hertfordshire, England. 
The former is offering a bevy of languages, 


| including Visual Basic, PowerBuilder and Oracle 


Forms, that can be accessed through Rela- 


| tivity’s software. The latter is putting its 


assembler tools into the product. Users 
can leverage a single interface to access 
multiple language parsers and tools, as 
well as a central database for business 

rules, components, documentation and 


other functions. @ 44406 





Independent 


Eclipse Organization Emerges 


| group’s future as a member of 
the Eclipse Management Or- 


| BY CAROL SLIWA 
| Today, after months of plan- 
| ning, the Eclipse development 


framework that IBM created 


| and released to the open- 
| source world will finally get an 


independent, nonprofit corpo- 
ration to oversee its technol- 
ogy direction and growth. 
Eclipse’s board of stewards 
announced that more than 50 
companies have signed on as 


| members of the organization. 


Its board of directors will hold 


its first meeting tomorrow in 
| Anaheim, Calif., where the in- 
augural Eclipse technical con- 
| ference is taking place. 
Among the noteworthy Java 
vendors that declined to join 
the organization were Sun Mi- 
crosystems Inc. and BEA Sys- 
tems Inc. But Skip McGaugh- 
ey, the IBM tools official who 
is relinquishing his post as 
Eclipse chairman, expressed 
optimism that more compa- 
nies will choose to participate 





| as Eclipse demonstrates its in- 
| dependence and quality. 

Rikki Kirzner, an analyst at 
IDC, said she was pleasantly 
surprised to see the cross sec- 
tion of the developer commu- 


including companies such as 
Borland Software Corp. Six to 
eight months ago, some had 
expressed skepticism about 
the value of joining Eclipse. 
IBM will continue to have 
some influence over the 





| nity that has already signed up, 


ganization’s board of direc- 
tors. But there will also be sev- 
en other strategic partners 
steering its direction and co- 
ordinating projects, including 
Ericsson Inc., Hewlett-Packard 
Co., Intel Corp. and SAP AG. 

“In the past, it was primarily 
an IBM-funded effort. In order 
for it to be viable, IBM had to 
be viewed no longer as the 
owner,” said Michael Blechar, 
an analyst at Gartner Inc. 


@ 44426 
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IBM Offers Hardware _ 
For High-End NAS Apps 


Gateway device links file servers to | 
SANs, supports up to 224TB of data | 





BY LUCAS MEARIAN 
BM LAST WEEK announced 
its first enterprise-class 
gateway for network- 
.attached storage on Win- 
dows, Unix and Linux servers, 
putting it in direct competi- 
tion with Network Appliance 
Inc., EMC Corp. and Hewlett- 
Packard Co. 

The rollout is part of an ef- 
fort by IBM to catch up to 
those vendors in selling high- 
end NAS devices, including 
gateways that let IT managers 
store data from file servers on 
storage-area networks. 

Last July, IBM nixed its 
TotalStorage NAS 100 and 200 
devices, which were self-con- 
tained file servers, in order to 
focus on higher-end products 
{QuickLink 39671]. That move 


left the company with the NAS 
Gateway 300, a Windows- 
based midrange system that 
includes a two-processor NAS 
head and supports up to 22TB 
of storage. 

In comparison, the new NAS 
Gateway 500 is based on IBM’s 
Power4 processor and AIX op- 
erating system. The 
device can be con- 
figured with up to 
four CPUs and 
scales to a storage 
capacity of 224TB, 
IBM said. 

“Customers have 
been asking us for a more en- 
terprise-class product,” said 
David Vaughn, IBM’s manager 
of gateway products. Using 
the Common Internet File Sys- 
tem protocol for Windows, the 


NASA Taps SAN to Store, 
Back Up Data From Mars 


System handles 5TB 
of data each week 
BY LUCAS MEARIAN 
The toughest thing about 
landing an unmanned probe 
on Mars is going from 12,000 
mph to zero in six minutes, ac- 
cording to Prasun Desai, one 
of the NASA engineers who 
developed the descent and 
landing systems for the Spirit 
and Opportunity rovers. 
“Things happen quickly,” 
Desai said succinctly. But de- 
spite the abruptness of the 
landings, the computers 
aboard the two rovers sent 
plenty of data about the de- 
scents 80 million miles to 
Earth, where the information 
was transmitted to a storage- 
area network set up at NASA’s 
Langley Vehicle Analysis 
Branch in Hampton, Va. 


| 


| got and helped them make de- 


Charles Davis, a systems ad- 
ministrator at Raytheon Corp. 
in Lexington, Mass., was con- 
tracted by NASA to help de- 
velop the SAN, which stores 
and backs up data received at 
the space agency’s Jet Propul- 
sion Laboratory (JPL) in 
Pasadena, Calif. 

Among the key information 
received by the Langley SAN 
was the flight trajectory data 


| from Spirit’s Jan. 3 entry into 
| the Martian atmosphere and 


its landing on the planet’s sur- 
face. That data was especially 
valuable because Opportunity 


| had to perform a similar entry 
| and landing on the opposite 


side of Mars three weeks later. 
Information from Spirit’s 


| descent was used by NASA 
| engineers to adjust Opportu- 
nity’s flight path, according to 


Davis. “We took the data they 


MORE ON STORAGE 


databases and move old 
records to secondary storage 
@ QuickLink 44303 
www.computerworld.com 
wa 


| capacity. He’s 
| a FAStT900 and IBM’s Fibre 


NAS Gateway 500 can transfer 
files one and a half times faster 
than the 300, he said. With the 
Network File System protocol 
used on Unix and Linux ma- 
chines, the new device is six 


| times faster, he added. 


Keith Stevens, a systems ad- 
ministrator at Johns Hopkins 
University’s Center for Car- 
diovascular Bioinformatics 
and Modeling in Baltimore, 
said he’s eyeing a NAS Gate- 
way 500 as a rela- 
tively inexpensive 
way to expand his 
storage capacity. 

Stevens is shop- 
ping for a replace- 
ment for his IBM 
FAStT500 disk ar- 
ray because the center has 
maxxed out that device’s 7TB 
; also considering 


that analyze 


Channel-based Shark array, 
which both offer 35TB. 


cisions around determining 

the landing sites,” he said. 
For primary storage, the 

Langley SAN includes two 


| disk farms: an EMC Corp. 


Clariion array with 1.5TB 


| capacity, and a Total Perfor- 
| mance 9400 array made by 


Silicon Graphics Inc. that can 
store 4TB of data. Both arrays 
are configured for RAID 5, 
which overlaps read and write 


| operations across all of their 


SPIRITS robotic arm captures close-up images 
4 that help scientists study Martian rocks and soil. 


But Stevens said he experi- 


| enced sticker shock with the 


two arrays. The FAStT900 
would cost Johns Hopkins 
$900,000, and it would take 
$1.5 million to buy the Shark 
device, formally known as the 


| Enterprise Storage Server. 


Stevens likes the idea of be- 


| ing able to buy a NAS gateway 


| ternative. 


for less than $100,000 as an al- 
“I’m definitely inter- 
ested in sharing file systems 
across our network,” he said. 
“We just need something with 
pretty decent performance.” 
Pricing starts at $67,000 on 


| the NAS Gateway 500. The de- 
| vice can use either Shark or the | 


FAStT line for back-end stor- 


age, and IBM said it also can 


work with rival disk arrays if 
it’s configured with the compa- 


| ny’s SAN Volume Controller 
| virtualization software. 


“IBM has never been partic- 


| ularly successful at doing NAS, 


but this is a new ball game,” 
said Mike Karp, an analyst at 
Enterprise Management Asso- 


| ciates Inc. in Boulder, Colo. 


“They didn’t succeed the first 


| time out. Those devices just 


didn’t have the horsepower.” 


| disk drives. The storage net- 


work also includes a Brocade 


| Communications Systems Inc. 


Fibre Channel switch that sup- 


| ports up to 1Gb/sec. through- 
| put, Davis said. An eight-proc- 


essor SGI Origin 2000 server 


| is used to back up data toa 

| Spectra Logic Corp. tape li- 

| brary that can accommodate 
380 LTO-2 tapes, each with a 


capacity of 200GB. 

Davis said BakBone Soft- 
ware Inc.’s NetVault 
product is used to 
manage the SAN. 
The software does 
incremental backups 
of the aircraft, trajec- 
tory and atmospher- 
ic data sent from the 
JPL on a daily basis 
and full backups 
weekly. 

The storage infra- 
structure is also fully 
redundant, Davis 
noted. The SAN 
stores about 5TB of 
data each week, and 
information that gets 


| 
| 
| 
| 
| 
| 
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NAS Gateway 500 


= Supports up to 2247TB of data 
and 12 Fibre Channel or Gigabit 
Ethernet network interfaces. 
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includes agents for IBM's 
Tivoli storage management 
software, plus autonomic 
computing technology. 


SOR CRO RETO ROME HEE eee eeEeee 


® Works with disk arrays made 
by other vendors through IBM's 
SAN Volume Controller software. 


POO OO HCC e eRe Se eeBeeseseee 


Starts at $67,000 for a 
system that includes a NAS 
engine and a two-processor 
IBM pSeries server. 


Karp said the NAS Gateway 


| 500 is priced to compete with 


top-selling NAS devices from 
vendors like NetApp and 


| EMC. It’s also “completely 
manageable by existing infra- 
| structure applications, which 
| means you don’t have to buy 
| this and then buy another 


management package for it,” 


he said. @ 44382 


Stephen Lawson of the IDG 
News Service contributed to 


| this story. 


corrupted during the tape 
backup process can be auto- 
matically recovered from the 


| disk drives, he said. 


Desai, who works at the JPL, 
helped build the parachute 
and airbag system to cushion 
the Spirit and Opportunity 
landings. With the landing 


| stage of the Mars program 
| completed, Desai now is work- 





ing to convert and analyze the 


data sent back by the rovers. 


The data, which traveled 
from Mars to Earth in 10 min- 
utes at light speed, is being 


| used to construct a telemetric 


model that characterizes how 
the probes slid through the 
Martian atmosphere. 
Because of an atmospheric 
dust storm at the time of the 
Opportunity landing a week 
ago Saturday, the probe was 
thrown to the outer limits of 
its landing zone, Desai said. 
He added that NASA engi- 
neers hope to use the data 
sent back from the craft about 
its descent to better prepare 
for future landings. @ 44435 
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Lotus Users Wary 
IBM’s Workplace Strategy 


Some see steep 
learning curve 
with J2EE-based 
architecture 


BY STACY COWLEY 
ORLANDO 

While IBM’s Lotus Software 
Group forges ahead with 

its Workplace strategy, the 
company still has work to 
do to convince 
some of the Lotus 
faithful that the 
new architecture 
makes as much 
sense for them as it 
does for IBM. | 

With the first round of 
Workplace products released | 
and the second due soon, 
several attendees at the Lo- 
tusphere partner and user 
conference here last week said 
they’re interested in finding 
out more about the platform 
that IBM calls its focus for Lo- 
tus’ future. 

For those accustomed to 
traditional Notes/Domino de- 
velopment, Workplace, based 
on J2EE, has a steep learning 
curve, said Manpreet Singh, 
chief operating officer at Den- 
mark-based IT Factory A/S’s 
India business. IT Factory de- 
velops applications based on 
Lotus software. 

Singh said his office is try- 
ing to develop a Workplace 
strategy. It has had customers 
ask about the new technology, 
though no one has signed on 
yet for a deployment. Singh is 
worried about the portability 
of custom Domino applica- 
tions and add-ons to the 
Workplace system. 

“T’'ve been talking to IBM. 
They say it’s practically drag- 
and-drop,” Singh said. But he’s 
skeptical. “That’s sales talk. 

It’s impossible,” said Singh. 

Alaa El Ghatit, a knowledge- 
management technical strate- 
gist at Hewitt Associates LLC, 

a human resources outsourc- 
ing and consulting firm in Lin- 


secre. 
Read a summary of news from 
Lotusphere on our Web site: 
@ QuickLink a4020 
www.computerworld.com 
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colnshire, IIl., says he’s con- 
cerned about the resources re- 
quired to migrate to a system 
crafted around Workplace soft- 
ware. “We need a lot more in- 
formation on the ROI,” he said. 

Though IBM says it won’t 
abandon its Notes/Domino 
base, El Ghatit says he worries 
that keeping up with current 
technology will require fol- 
lowing IBM down the Work- 
place path, which would in- 
a volve significant 
costs for retraining 
staff and purchasing 
new hardware. 

“Are they just go- 
ing to dump Domi- 
no into a support mode? I 
think there’s still some con- 
cern,” he said. 

The hardware costs associ- 
ated with Workplace may dis- 
suade smaller companies from 
adopting the new software. 
Workplace’s advanced fea- 
tures mean its hardware needs 
significantly exceed those of 
the “extremely efficient” 
Domino architecture, Work- 
place lead architect Jeff Calow 
acknowledged following a Lo- 
tusphere technical session. 

Larry Bowden, IBM's vice 
president of portal solutions 
and Lotus products, said IBM 
is listening to customer con- 
cerns about Workplace and 
moving to address them with 
tools and programs intended 
to smooth the transition. 


Here’s the Plan 

To reassure customers that 
their Lotus investments will be 
protected, IBM announced an 
unusually farsighted road map 
at the show. While engineers 
prepare for the late 2004 or 
early 2005 release of the next 
major Notes/Domino upgrade, 
Release 7, IBM is also at work 
on Release 8, which will mark 
the functional convergence of 
Workplace and Notes/Domino. 
By Release 8, expected in late 
2005, even complex Domino 
applications will be accessible 
via portlets from within Work- 


bout 


place, according to Bowden. 
Meanwhile, IBM is offering 
development tools to help pro- 
grammers ease into J2EE, he 
said. Plug-ins for WebSphere 
Studio are available to give it 
some of the look and feel of 
Domino Designer, as are tools 
to output applications devel- 
oped in Domino Designer to 
J2EE-consumable portlets. 
“You can continue for years 
to use the skills you have,” 
Bowden said. “Over the course 
of the next three years, I would 


suggest that you broaden your 
skill set to involve J2EE, but 
there’s no emergency. 

Lotus executives, including 
General Manager Ambuj Goy- 
al, say the impetus for IBM’s 
creation of the Workplace plat- 
form was a recognition that Lo- 
tus wasn’t going to win new 
business without offering cus- 
tomers a more flexible and 
standards-based approach to 
building collaboration systems. 

For one potential new buyer, 
that’s a message that resonates. 
Amy Palazzolo, who is respon- 
sible for planning Ford Motor 
Co.’s collaboration architec- 
ture, said she came to Lotu- 
sphere to investigate Work- 
place as Ford evaluates options 
for a new infrastructure. 


InfoVista Upgrades Tools for 
Monitoring IT Performance 


BY MATT HAMBLEN 
InfoVista Corp., which com- 
petes with Hewlett-Packard 
Co. and other vendors of net- 
work and system performance 
management tools, today will 
announce enhancements to its 
software that are designed to 
help users match their IT infra- 
structures to business needs. 

The move makes InfoVista 
the latest in a line of vendors 
that are putting a business fo- 
cus on their management tools. 
The new products will provide 
a “unified presentation layer” 


isle) ei | 


VISTAFOUNDATION 2.0: Lets 
users maintain models of 
business services in relation to 
their underlying network and 
system components. 


VISTACAPACITY PLANNER: 
Automates the process of 
determining the amount of IT 
resources required to support 
business needs. 


VISTAOPERATIONS CENTER: 
Provides notification, diagnosis 
and automated resolution of 
network performance problems. 


VISTASERVICE MANAGER: 
Measures and manages the 


‘ability and reliability of 


that connects IT systems with 
the business services they sup- 
port, said Joe Bergeva, senior 
vice president of marketing at 
Herndon, Va.-based InfoVista. 

The rollout includes Vista- 
Foundation 2.0, an upgraded 
tool that supports network 
and systems analysis and con- 
figuration management. The 
software, which is due out 
next month, will offer new 
features such as the ability to 
correlate servers and network 
switches with business ser- 
vices and then monitor their 
performance. 

A suite of three capacity 
planning, operations manage- 
ment and quality-of-service 
tools that work with Vista- 
Foundation 2.0 are also being 
announced, for shipment in the 
second quarter. Pricing starts 
at $50,000, InfoVista said. 

VistaService Manager 
should help Houston-based 
Schlumberger Information So- 
lutions enhance quality-of-ser- 
vice guarantees to its network 
services customers, said Mi- 
guel Garcia, a program manag- 
er for Dexanet, a global IP net- 
work that Schlumberger runs 
for 35 oil and energy compa- 
nies. The tool will give Dex- 
anet users Web-based access 
to information about uptime 


Are they just 

going to dump 
Domino into a sup- 
port mode? | think 
there’s still some 


concer. 
ALAA EL GHATIT, TECHNICA 


STRATEGIST, HEWITT ASSOCIATE 
“Ford’s adoption of collabo- 
ration has mirrored the indus- 
try’s,” she said. “We have a lot 
of best-of-breed technologies 
mixed together, which doesn’t 
integrate well and gets expen- 


sive to maintain.” @ 44424 


Cowley writes for the IDG News 
Service. 


and other performance mea- 
surements, Garcia said. 
Schiumberger has bought 
more than $250,000 worth of 
InfoVista’s products since ear- 
ly last year, he added. 

James Price, manager of net- 
work and systems monitoring 
at Iron Mountain Inc. in 
Boston, said he hopes to take 
advantage of the service-level 
management and capacity 
planning capabilities in the 
new tools, partly to help the 
company’s document manage- 
ment customers plan for larg- 
er networks as they grow. 

Iron Mountain spent 
$200,000 on InfoVista tools 
over the past two years and 
plans to spend another 
$300,000 this year, Price said. 
Initially, the software helped 
Iron Mountain create a data- 
base of network and systems 
configurations out of what he 
called “absolute chaos.” 

InfoVista’s products re- 
placed management tools 
from vendors such as HP and 
( Soncord Communications 
Inc. “We're still a huge HP 
shop, and we still own HP 
OpenView but have stopped 
using it, five years and $2.5 
million later,” Price said. “It 
was a monolithic behemoth.” 

He added, though, that Info- 
Vista’s new releases need to 
integrate more easily with one 
another and with Iron Moun- 
tain’s internal systems. 


@ 44413 
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Microsoft Loses 
Patent Ruling... 


A federal judge in Arizona ruled 
that Microsoft Corp. has infringed 
on patents held by Tucson, Ariz.- 
based Research Corporation 
Technologies Inc. for a process 
used to create halftone images 
within PC applications. The judge 
sent the case to a jury for a trial 
to determine the extent of the in- 
fringement and monetary dam- 


the validity of the patents. 


... And Faces EC 
Guilty Verdict 


In other Microsoft legal news, 
sources close to the European 
Commission said EC competition 
officials are circulating a draft rul- 
ing that the company abused its 
desktop operating system monop- 
oly. The draft also reportedly says 
Microsoft stifled competition in 
the Windows media player mar- 
ket. Microsoft said it’s discussing 
a settlement with regulators. 


PeopleSoft’s Board 
Targeted by Oracle 


Oracle Corp. notified PeopleSoft 
Inc. that it will nominate five indi- 
viduals for seats on PeopleSoft’s 
board as part of its hostile take- 
over attempt. In response, Peo- 
pleSoft claimed that Oracle’s 
planned nominees “are biased 
and would have irreconcilable 
conflicts of interest.” Meanwhile, 
the European Union said it ex- 
pects to finish an antitrust review 


| 
| 
| 
| 
| 
| 
| 
| 


the infected computer. 

While several vendors of se- 
curity products were issuing 
dire warnings of widespread 


| havoc and dangerous back 

| doors being left open on cor- 
| porate networks by Mydoom, 
| others were less dramatic. 


“From all indications, cor- 
porations of a size large 
enough to afford antivirus 


| [software] at the e-mail gate- 
| way were unaffected,” said 

ages. Microsoft said it will contest | 
| NT Bugtraq mailing list and 


Russ Cooper, moderator of the 


an analyst at Herndon, Va.- 


| based TruSecure Corp. 


Companies that filter out 


| e-mail attachments or analyze 
| the contents of attachments at 


the gateway also were unlikely 


| to have been significantly af- 
| fected, said Darwin Ammala, a 
computer security engineer at 


of Oracle’s unsolicited $7.3 billion | 


offer by April 21. 


Short Takes 


12 TECHNOLOGIES INC. reported a 
fourth-quarter loss of $7 million 
on revenue of $97.7 million. CEO 
Sanjiv Sidhu said he expects the 
fallout from last year’s financial 
reaudit to affect sales for the next 
few quarters. . . . SPRINT CORP. 
added more IP virtual private net- 
work services, including one 
based on Multiprotocol Layer 
Switching technology. 


Harris Corp.'s STAT network 
security unit. 

Mydoom did have a sub- 
stantial impact on home users 
and small businesses, though, 
with at least one estimate that 
up to 500,000 systems world- 
wide may have been infected 
by last Thursday. And the 
virus’s potential to enable 
massive denial-of-service at- 
tacks against The SCO Group 
Inc.’s and Microsoft Corp.'s 
Web sites remained a trouble- 
some concern at the end of the 
week. Both companies an- 
nounced substantial rewards 
for information leading to the 
arrest of the virus writer. 


Lessons Learned 

Donald Armstrong, director of 
enterprise information securi- 
ty at T-Mobile USA Inc. in 
Bothell, Wash., said that of the 
20,000 desktops on his compa- 
ny’s network, only five were 


| infected by the fast-moving 


| this at all,” said Ben Nakamura, | 


virus. He said there’s a “new 
mentality” inside companies 
today that makes end users 
wary of opening attachments. 
“We weren't bothered by 


network administrator for the 
Seattle Mariners baseball team. 


| He said the company was hit 


hard by a virus nearly two 
years ago when someone 


_NEWS 


| opened an attachment. Users 


have learned their lesson, he 
said. “They do not want me 


| to humiliate them in public, 


which I’ll do if they ever open 
a virus attachment.” 
“We are surprised by how 


| little it has affected us so far,” 
| echoed Trey Miller, manager 


of telecommunications ser- 


| vices at Vertis Inc. The Balti- 


more-based advertising and 


| media services company uses 


virus protection services from 
Postini Inc., which scanned 


| all of its e-mail and blocked 

| everything containing My- 

| doom long before the traffic 

| hit Vertis’ network, Miller said. 


But the fact that some anti- 


| virus vendors didn’t have a fix 
| for Mydoom before it infected 
| some computers is worrisome, 


said Eric Beasley, senior net- 


| work manager at Baker Hill 
| Corp., a Carmel, Ind.-based 


application service provider. 
Even though Baker Hill 


| % [Users] do not 
want me to 
humiliate them in 
public, which I'll do 
if they ever opena 
virus attachment. 


| BEN NAKAMURA, NETWORK ADMIN- 
ISTRATOR, SEATTLE MARINERS 


updates its virus signatures 

| hourly, Mydoom still infected 

about 50 of its PCs before the 

| company’s antivirus provider 

| had a fix. “In the past, we 

| would’ve had a fix well before 

the virus hit us,” Beasley said. 
Such outbreaks show why it 

| may no longer be enough to 

| rely solely on signature-based 

| antivirus products for protec- 

| tion, users said. Even though 

| Mydoom wasn’t very different 

| from scores of similar viruses, 

| including a recent one called 
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Mimail, antivirus vendors still 
had to write a separate signa- 
ture to stop Mydoom. 

“It’s a reactive measure with 
[antivirus] products,” said 
Mark Dayton, PC network su- 
pervisor at Alabama Electric 
Cooperative Inc. in Andalusia. 


| “You have to wait for new 


virus signatures to become 
available before you can patch 
your systems.” 

It’s partly for that reason 
that the utility recently decid- 
ed to outsource antivirus ser- 
vices to Atlanta-based Inter- 


| net Security Systems Inc. The 
| ISS service is based on a pro- 


prietary approach designed to 


| offer protection against specif- 
| ic vulnerabilities rather than 


the viruses exploiting them. 


| “It was certainly very effective 
| in blocking against Mydoom,” 


Dayton said. @ 44429 


Mark Hall contributed to 
this story. 


Antivirus Software Vendors Fuel Mydoom Hype 


Mydoom may have emerged as 
one of the fastest-spreading 
viruses in history, but it was 
nowhere near as destructive for 
corporations as other pieces of 
malicious code, such as Slam- 
mer and Blaster. 

Yet corporate users would 
never know that from the stream 
of grim advisories issued last 
week by antivirus vendors and 
other security firms. 

For example, an alert issued 
by Sybari Software Inc. in East 
Northport, N.Y., warned of 
“spreading doom to corporate 
in-boxes.” The Sybari advisory 
stated that Mydoom presented 
“a huge problem for organiza- 
tions as it affects worker produc- 
tivity and poses a critical securi- 
ty risk for corporate networks.” 

Tom Buonielio, a vice presi- 
dent at Sybari, said the advisory 
was an attempt to get compa- 
nies to pay attention to the po- 
tential seriousness of the virus. 
But he acknowledged that most 
corporations appeared to have 
escaped unscathed because of 
existing antivirus protections 
and e-mail filtering techniques. 

McAfee Security, a unit of 


Santa Clara-based Network 
Associates Inc., rated Mydoom 
as a “high-outbreak” threat to 
businesses. The company is- 
sued an advisory on Thursday 
warning that the virus had infect- 
ed about 500,000 systems 
worldwide and was showing no 
signs of abating. 

Craig Schmugar, a virus re- 
searcher at McAfee, later said 
that although no breakdown was 
available to determine how many 
of those systems were corporate 
systems, the majority probably 
belonged to home and small- 
business users. 


Maybe Just a ‘Nuisance’ 
An advisory from Medina, Ohio- 
based antivirus software vendor 
Central Command Inc. referred 
to serious e-mail congestion and 
stated that many corporations 
were being “bombarded with 
Mydoom infected messages.” 
Steven Sundermeier, vice 
president of products and ser- 
vices at the company, later clari- 
fied that apart from Central 
Command's own customers, it 
was very hard to “pinpoint with 
100% accuracy who is or isn’t 


infected.” Much of the conges- 
tion was the result of corporate 
e-mail gateways getting bom- 
barded with infected e-mails and 
was unlikely to have been more 
than a “nuisance,” he said. 

MessageLabs Inc., a provider 
of e-mail services in New York, 
was quick to call Mydoom the 
most virulent virus in history, 
based on its analysis of the in- 
fected traffic it was intercepting 
on behalf of clients. And by mid- 
week, various numbers were be- 
ing bandied about claiming that 
anywhere from a third to a half 
of all e-mail traffic on the Inter- 
net was infected with Mydoom. 
But there was far less discussion 
of how much of this traffic might 
have been intercepted or filtered 
out at corporate gateways. 

Because users had to click on 
an infected attachment for My- 
doom to be activated, it was also 
a lot less dangerous for corpora- 
tions than attacks such as 
Blaster, which was capable of 
infecting machines and scan- 
ning internal networks for other 
vulnerable systems without any 
user intervention. 

- Jaikumar Vijayan 
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Software to Help TVA 
Cut ‘Temp Labor Costs 


Hosted system will let power generator 
run online auctions to bid out contracts 


BY THOMAS HOFFMAN 
HE TENNESSEE Val- 
ley Authority is in- 
stalling a contingent- 
workforce manage- 
ment system that’s expected 
to pay for itself within a year, 
partly by enabling electronic 
bidding by companies that 
supply IT contractors and 
other temporary workers. 

The TVA, the nation’s 
largest public power genera- 
tor, began deploying Elance 
Inc.'s workforce management 
software in late December. 

The browser-based system, 
which will be hosted by Elance 
and is due to go into produc- 
tion by May, is expected to 
help the TVA negotiate better 
labor rates for the approxi- 
mately 1,500 IT workers, engi- 
neers and clerical staffers that 
it typically uses to augment its 
internal workforce. 

For example, Diane Bunch, 
the TVA’s senior vice presi- 
dent of information services, 
said she expects the competi- 
tive bidding capabilities made 
possible by the new system to 
save her group $200,000 to 
$300,000 a year in labor costs. 


‘Like eBay’ 
“Now we'll be able to enter a 
job description into the sys- 
tem, and it'll be like eBay,” said 
Bunch. About 85 contractors 
are currently being used to 
supplement the TVA’'s 643- 
employee IT staff, she noted. 
Bunch said the system 
should also provide other ben- 
efits, including an electronic 
history of the IT projects that 
contractors have worked on. 
In addition to contractors, 
the system will support the 
Knoxville, Tenn.-based TVA’s 
seasonal hiring of about 4,000 
union trade workers, such as 
electricians who are hired to 
do preventive maintenance 


| 
| 
| 
| 


| 
| 
| 


work during off-peak periods 
in the spring and fall. That 
part of the system is sched- 
uled to go into use by mid- 
summer, said Paul LaPointe, 
the TVA’s senior vice presi- 
dent of procurement. 

The TVA currently relies on 
a manually intensive process 
to manage its contingent 
workforce, according to La- 
Pointe. Requests to the 15 to 
20 companies that supply the 
authority with contract work- 
ers are typically handled 
through a flurry of phone 
calls, faxes and e-mails, with a 
mix of spreadsheets and other 


Reporting Tools Added to 


BY JAMES NICCOLAI 

Microsoft Corp. last week 
shipped software that adds re- 
porting capabilities to SQL 
Server 2000, rounding out the 
line of business intelligence 
tools the company integrates 
with its relational database. 

SQL Server 2000 Reporting 
Services has been available for 
beta testing since October. 
One of the testers was The 
Long & Foster Cos., a Fairfax, 
Va.-based real estate services 
firm that wants to standardize 
on the technology to deliver 
nearly 300 corporate reports 
to its 13,000 employees. 

Lance Morimoto, senior 
manager of e-commerce and 
application development at 
Long & Foster, said it now 
uses a mishmash of reporting 
tools from vendors like Cog- 
nos Inc. and Crystal Decisions 
Inc., which was acquired by 
Business Objects SA in De- 
cember. Long & Foster has 
completed a pilot program in- 
volving 35 reports and is hap- 
py with the Reporting Ser- 
vices software so far, he said. 


systems used to track the head 
count and whereabouts of 
temporary help, he said. 

LaPointe didn’t disclose the 
software project’s cost, but he 
said that the TVA expects a 
return on its investment with- 
in 12 months. 

Beyond the initial ROI, he 
added, the authority antici- 
pates that the system will gen- 
erate ongoing savings through 
improved compliance with 
workforce policies and con- 
tract provisions, process stan- 
dardization and system-gener- 
ated invoicing. 

Ashley Stirrup, vice presi- 
dent of products and market- 
ing at Sunnyvale, Calif.-based 
Elance, said the total cost of a 
hosted system for a large com- 


The company created the 35 
reports with Microsoft’s new 
Report Writer authoring tool, 
which is offered as an add-on 
to the vendor’s Visual Studio 
.Net development suite. “The 


whole solution is pretty tightly 


integrated with .Net,” Mori- 
moto noted. 

But he added that it’s too 
early to tell whether Report 
Writer will suffice for porting 


Long & Foster’s 250 existing 


SQL Server 2000 
Reporting Services 
Seem ce eu le 
OPEL ROM ie LCMa RY 


PUR Umer aU) 
distribute the reports. 


Serre Rumi 
Oem ur meee L) 
sya Eee eR ety 

SAP's business applications. 


Exports reports directly to 
Excel spreadsheets or gener- 
ates them in formats such as 
|) a 
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from its new workforce system. 


pany is typically $3 million to 
$7 million over three years, 
depending on the procure- 
ment volumes that are proc- 
essed through the system. The 
TVA’s contract falls within 
that range, Stirrup said. 
Before starting the project, 
the TVA looked at companies 
that had installed similar sys- 
tems, such as General Electric 


SQL Server 


reports to Microsoft’s technol- 
ogy. There may still be a need 
to use third-party software 
like Crystal Reports, he said. 
Dan Zerfas, vice president 
of application development at 
First Premier Bank in Sioux 
Falls, S.D., said the version of 
Report Writer that was includ- 
ed with the second beta re- 
lease of Reporting Services in 
November was much better 
than the initial test code. “It’s 
like night and day,” he said. 
First Premier had been 
building reports using Micro- 
soft’s SQL Query Analyzer and 
Access database. Its develop- 
ers were able to virtually cut 


| and paste the Access code into 


Reporting Services, which 
saved a lot of time, Zerfas said. 


| They also liked the software's 


user interface, he added. 
Philip Russom, an analyst at 
Forrester Research Inc., said 
he doesn’t expect Microsoft’s 
entry into the market to hurt 
reporting tools vendors too 
badly. Report Writer is a “Ver- 
sion 1” product that needs to 
mature, Russom said, adding 


Co. and FedEx Corp., to assess 
the potential benefits and do 
cost benchmarks. The project 
was approved by the TVA’s 
budget review committee in 
November, LaPointe said 
The TVA is currently work- 
ing with Elance to integrate 
the software with its main- 
frame-based procurement sys- 
tem, which is based on appli- 
cations developed by Indus 
International Inc. in Atlanta. 
FedEx Express, which went 
live with Elance’s software in 
August 2002, saw a payback in 
less than six months and has 
reduced the time it takes to 
find temporary help by more 
than 75%, said Zondra Brown, 
manager of express business 
services at the FedEx unit. 
Elance’s rivals include Ariba 
Inc. and PeopleSoft Inc. 
Christa Degnan, an analyst 
at Aberdeen Group Inc. in 
Boston, said users of the work- 
force tools should be able to 
shave their contract-labor 


costs by 10% to 15%. @ 44433 


that the success of Reporting 
Services depends partly on 
whether vendors such as 
Cognos and Business Objects 
agree to support Microsoft's 
Report Definition Language 
That would let reports au- 
thored with third-party tools 
zed and distributed 
through Microsoft's software 

Microsoft released Report- 
ing Services ll months after 
announcing its plan to add the 
technology [QuickLink 36368]. 
It originally planned to intro- 
duce the software with Yukon, 
a 64-bit upgrade of SQL Serv- 
er. But the Yukon launch was 
delayed until later this year, 
prompting Microsoft to offer 
the reporting capabilities with 
SQL Server 2000. 

Microsoft is now working 
on a Reporting Services up- 
grade that will ship with 
Yukon, said Thomas Rizzo, di- 
rector of its SQL Server man- 
agement team. That version 
will be able to more easily 
generate reports from online 
analytical processing databas- 
es, Rizzo said. @ 44434 
Niccolai writes for the IDG 
News Service. 
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MARYFRAN JOHNSON 


Cleaning I'I’s Basement 


F EVER YOUR HOUSE starts sinking into the 

earth, the old joke goes, look for the culprit 

in those piles of National Geographic maga- 

zines stacked in some corner of the basement. 

Everyone with a pack rat in the family knows 
why that’s still funny (and why those piles are proba- 


bly still growing). 

At my house, the moun- 
tains of magazines are a 
molehill compared with 
the swelling stacks of old 
PC monitors and obso- 
lete electronic gear. And 
that stuff can’t be surrep- 
titiously tossed in the 
trash (when the pack rat 
is off at Home Depot), 
because of its toxic con- 
tents. E-waste has to be 
hauled off to special haz- 
ardous-waste disposal 
centers instead. And what a big pain 
that is. So the pile keeps growing. 

Now, imagine that tendency on a 
much grander corporate scale, and 
turn to this week’s “Toxic Legacy” 
cover story to see what your com- 
pany needs to know about e-waste 
disposal. 

Why should you care? Because the 
liability risks are growing. So are the 
fines and legal penalties companies 
face if they screw up the disposal 
process, which gets more restrictive 
every year. 

The physical scope of the problem 
is daunting, with 63 million PCs 
junked last year alone and an esti- 
mated 315 million PCs piling up in 
U.S. landfills by the end of this year. 


Legislation to crack down on e-waste 


disposal is pending in 24 states, and 
some already ban certain IT prod- 
ucts from landfills. The EPA has 
tagged e-waste as the fastest-grow- 
ing stream of waste in the U.S., in 
fact. Not exactly a point of pride for 
this industry. 

The public embarrassment of be- 
ing identified as an e-waste poiluter 
— as Dell was in a 2002 report by 


two activist groups — is 
another weighty conse- 
quence of ignoring the 
issue. Even though the PC 
maker today offers com- 
puter recycling programs, 
that didn’t stop 150 stu- 
dent organizations from 
50 states from signing an 
ad that ran this past De- 
cember in The Austin 
Chronicle, the alternative 
weekly in Michael Dell’s 
hometown, urging the 
company to recycle responsibly. 
Hewlett-Packard and IBM learned 
quickly from Dell’s experience and 


| set up their own computer “take- 
| back” recycling programs. 


So, what are IT organizations do- 
ing about it all? Hiding the problem 


| in the basement, for the most part. 


“The No. 1 solution for IT disposal 


| today is storage,” 





said one recycling 
company VP quoted in our story. But 


| physical storage, unlike the digital 


kind, is getting more expensive, and 
companies eventually run out of 
room. The cost of legitimate disposal 
is about $30 per PC. When you mul- 
tiply that by hundreds or thousands 
of machines per company, the desire 


| to avoid that bill entices some into 


foolishly (and illegally) cutting cor- 


ners. “You can still get a guy in a lit- 


| tle red truck to haul away your PCs, 
| so nobody wants to focus on this is- 


sue,” as one IT exec put it. 
But focus on it you should. Com- 
panies like health care provider 


| Kaiser Permanente are taking pro- 
| active approaches to dealing with 
| end-of-life computer equipment, 


such as including disposal terms and 
conditions upfront in vendor pur- 
chase agreements. Our story is 
packed with ideas like that one and 


| other practical tips and protective 


measures. We also offer some sam- 


| ple documents online [QuickLink 

| 44350] that show how one Fortune 

| 500 company is vetting equipment 

| disposal vendors and crafting legally 


sound disposal requirements. 
So, grab your broom and open that 
basement door. @ 44400 
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Skip the 
Walls Street 
Middlemen 


F SOME of the Google IPO 

takes place as a Dutch 

auction conducted online, 
with shares offered directly to 


investors, Wall Street brokers 
(both retail and institutional) had bet- 
ter plan alternative careers. 

Google’s potential initial public of- 
fering is the focus of intense specula- 
tion. It might happen this spring. The 
company might offer a 10% or 15% 
stake for $2 billion — valuing the 
whole shebang at as much as $20 bil- 
lion. And some of those shares might 
end up being sold via San Francisco- 
based W.R. Hambrecht’s OpenIPO sys- 
tem in an online auction where in- 
vestors can register and then bid for 
shares in much the same way people 
bid for merchandise on eBay. 

Using eBay as a 
model could work to 
boost investor confi- 
dence and help make 
the IPO process more 
fair. On Wall Street, 
the bias of invest- 
ment research de- 
partments, the pref- 
erential treatment be- 
stowed upon favored 
clients and the greed 
of sales-hungry bro- 
kers make it impossi- 
ble for individual investors to wield 
any clout. Unless you’re New York At- 
torney General Eliot Spitzer or a secu- 
rities lawyer with lots of extra time, 
complaining about bad Wall Street re- 
search, faulty stock picks and high 
commission rates or fees won't get you 
as much as a free lunch or an apology. 

The army of well-paid Wall Street 
middlemen doesn’t add value to the 
IPO process, which is why Google's of- 
fering might represent the first step to- 
ward driving them out of business. If 
you can sell airline tickets, books, pre- 
scription drugs and automobiles di- 
rectly to consumers via the Internet, 
why not shares in companies? Wall 
Street types once said that trust and re- 
sponsibility were big enough issues to 
warrant their participation. They cer- 
tainly have disabused us of that notion. 
And yes, when you're trying to sell 
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millions of shares of stock, mutual 
funds and institutional investors are 
necessary players because of the scope 
involved. But what’s to stop a fund 
manager or pension fund from placing 
in order online? Wall Street isn’t going 
out of business; it will just have fewer 
people dialing for dollars, replaced by 
more computers handling the sales and 
record-keeping. 

Sure, Google and its investors, Stan- 
ford University and venture-capital 
firms Sequoia Capital and Kleiner 
Perkins Caufield & Byers, aren’t han- 
kering to buck the entire Wall Street 
system. After all, Google tapped Gold- 
man Sachs and Morgan Stanley as the 
brokers to handle at least part of the 
IPO sale. But if rumors turn to truth 
and individuals are able to bid for the 
golden goose of this IT IPO online, 
what’s to stop other companies from 
following suit? Why pay the middle- 
man to move merchandise when cus- 
tomers — big and small — already 
have the means and the motives to buy 
direct? @ 44241 


MICHAEL 
GARTENBERG 


Rise of the 
Enterprise 
Consumer 


O YOU REMEMBER 

the good old days? The 

days when computers 
were for business profession- 
als and consumer electronics 
gadgets were for, well, consumers? 

I recall a time when IT managers 
told users not to take software from 
work to use at home. Today, we ask 
users to please not bring their applica- 
tions from home to the office. Major 
technologies are still unveiled in Las 
Vegas, but at the Consumer Electronics 
Show, not Comdex. 

If you’re looking for the line that 
separates business users from con- 
sumers, you'd better look behind you 
because we have already crossed it. 
Welcome to the age of the enterprise 
consumer, where both business and 
personal information are commingled 
and consumer-focused digital tech- 
nologies are purchased not by IT de- 
partments but directly by users with 
the expectation that they will be used 
(and supported) for business purposes. 

Today, digital technology is main- 





stream and no longer under 
the complete control of the 
IT department. In many cas- 
es, the computers handed 
out by strained IT depart- 
ments technologically lag 
what consumers use at 
home. “Why would I want to 
use the 7-year-old, 9-lb. Dell 
that my IT guys gave me,” 
one executive recently said 
to me, “when I can use this 
great new 4-lb. Tablet PC 
that I picked up myself run- 
ning Windows XP?” 

IT departments need to 
understand and actually em- 
brace this change, because it’s in their 
best interests. Sophisticated users who 
understand technology are far more 
likely to support IT initiatives and 
fund projects properly. 

While it might seem otherwise, this 
new “educated” 
tunity for IT. Don’t try to segment us- 
age for business and personal devices, 
because the lines between them are 


consumer is an oppor- 


too blurred. It’s best to set 
a consistent policy of what 
will and won’t be support- 
ed by IT. For example, tell 
users that you'll recover 
lost spreadsheets on fried 
disk drives, but not their 
vacation JPEGs. Likewise, 
set a clear policy on which 
applications are standard 
and supported and re- 
emphasize the legal impor- 
tance of adhering to license 
agreements. 

Be proactive, not reac- 
tive. It’s better to have an 
IT-installed and properly 

configured Wi-Fi access point with 


| proper security enabled than to have 


someone go out to a store, buy a cheap 
Wi-Fi router and set it up himself. 
Encourage your staff to follow the 


| latest trends in devices like cell phones | 
| and PDAs, and allocate a small part of 


your budget to keep some of these 
things around so your support staff 
can get some hands-on experience. 


| ent today. 
| workers from 9:00 to 5:00 who turn 


The ability to show users different de- 
vices and guide them down a buying- 


| decision path will positively increase 
| your visibility in the organization, 
| gaining 


you political support for future 
projects. Your staff will be happier be- 


| cause they will get their hands on the 


latest and greatest gadgets. 
Finally, don’t disdain users’ fascina- 


| tion with technology — embrace it 


with enthusiasm. End users are differ- 
They’re no longer business 


into consumers at 5:01. 

The ability to support diverse and 
mingled information spaces is a re- 
quirement, not a luxury, of the modern 
IT department. Trying to dam the flow 
of technology never works. It’s far bet- 


| ter to channel the positive aspects of 
| this trend and get some positive results 


| organizationally as well. @ 44244 


"WANT OUR OPINION? 


More columnists and links to archive: 
columns are on our Web site 
www.computerworld.com/columns 








Offshoring’s Shame | 


AM AMAZED by the IT managers 

in the story “Tests of Leadership” 
[Premier 100 IT Leaders 2004, 
QuickLink 43098] who blithely ad- 
mit that they have sent IT work 
overseas. | would have thought that 
this would be something to be 
ashamed of. We all speak of patrio- 
tism, but that sounds pretty shallow 
when we happily undermine our 
own country, its workforce and, ulti- 
mately, its future for the sake of 
short-term cash flow and share- 
holder greed. This kind of reckless 
abandonment of our most precious 
asset will ultimately shake the foun- 
dations of our country as effectively 
as any terrorist attack. 
Garry Kidson 
Systems architect, Zaphod 
Consulting, Sacramento, Calif., 
gikidson@comcast.net 


Change Is Inevitable 


HAVE BEEN READING about IT 

people complaining about job mi- 
gration to Asia for a while now, and 
I've finally decided to put my two 
cents in. Thinking that politicians 
will save workers’ jobs is an idle 
hope, since large corporations’ ma- 
jor political contributions indicate 
that they want this change. How- 


ever, we should look at what hap- 
pened to the U.S. automobile in- 
dustry in the late "70s and early 
‘80s. Asian competitors threatened 
to wipe the U.S. makers out, but af- 
ter some harsh times of reshaping 
and reinventing themselves, the 
U.S. industry came out very healthy 
and viable, and it will never be in 
such dire straits again. Life, just like 


| business, is all about change. Trying 


leads to harsher and more difficult 
changes that will leave deeper 


| scars. So instead of complaining, | 


suggest we look at the situation at 


| hand, adapt to it and reinvent IT as 
| aviable U.S. industry. 
| J. Clent 


| San Francisco 


ornare an 


| Business Rules 
| Yield Web Security 


| are understood 


HE TECHNICAL ASPECTS of 
Web services security are trivial 
to solve once the business issues 
- and costed 


| [“Overcoming Web Services Inse- 
| curities,” Quicklink 42781]. The 3A 


| 
| 


issues (authentication, authoriza- 


| tion and accountability) demand 
| that comprehensive business rules 


and logic be implemented, particu- 
larly if the wrong technology is cho- 
sen. And using the best account- 


Sydney, 





| ability processes, with the globally 

| trusted authentication embodied in 
| commercial agreements 
| passwords, is by far the cheapest 


. SLAs and 


and most effective assured mes- 


saging model. 


Lyal Collins 
CTO, Key2IT Pty., 
Australia 


eer 


_ Limiting Thin-Client 


| to maintain the status quo inevitably | 


| Apps Isn’t Easy 


HE THIN-CLIENT STRATEGY 
works well if you can limit the 


number of applications in use [“De- 


manding a Better Desktop Alterna- 


| tive,” QuickLink 43511]. But in my 
| experience, this hasn't been possi- 


ble. The number of applications | 


| have to provide is growing, and the 
| limitations that | have with thin 

| Clients are more than equal to the 

| technical and financial benefits 


Maximilian Weigmann 
Vilsbiburg, Germany 


No Cobol in Sight | 


WAS STUNNED to read the letter 
“Java Can't Take the Place of 


| Cobol” in the Jan. 12 issue [Quick- 
| Link 43433]. lan Archibell claimed 
| that a 2003 survey of academic in- 
| stitutions showed that “more than 


three quarters of the respondents 


continue to require learning Cobol 
as an integral part of their computer 
science programs.” 

Well, as a recent compute: 
gineering graduate, | car honestly 
tell you that virtually every computer 
science — in 
requires students to program in 
either C, C++ or Java. Cobol is rare 
even offered as a course oplion 
Therefore, | strongly doub 

of Cobol’s widespread use a 
computer science students. Don’t 
get me wrong; Cobol is still useful 
in many legacy business app 
tions. But its general use is 


ing, whereas that of Java is continu- 


ing to rise 

Li Yang 

Santa Clara, Calif., 
liy@engin.umich.edu 
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comments from its readers 
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CAN LINUX DELIVER LOWER TCO? 
ASK THE PEOPLE EVALUATING IT. 





“We conducted a major TCO study to 
explore Microsoft and Linux solutions 
for our needs. In the end, we found that 
the TCO for the Windows Server System™ 
approach was about 20 percent less 


expensive than Linux.” 


—kKeith Morrow, CIO, 7-Eleven, Inc., U.S. 


7-Eleven chose Microsoft over Linux because of the 20 percent savings in total cost of ownership 
for their 5,800 U.S. and Canadian stores’ highly complex POS system. In their evaluation, 7-Eleven 
was looking for an option that could meet serious technical requirements with a low TCO. Their 
study found that only the Microsoft® platform could meet their criteria. To get the full 7-Eleven 
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Microsoft 


© 2004 Microsoft Corporation. All rights reserved. Microsoft, the Windows logo, and Windows Server System are either registered trademarks or trademarks 





A NETWORK OUTAGE THREATENS 
TO SHUT DOWN GLOBAL DISTRIBUTION. 
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CAN YOUR SOFTWARE KEEP BUSINESS FROM DISAPPEARING? 


Business Service Management solutions from 
BMC Software” can. In fact, they let you predict 
critical performance problems and resolve them 
before they ever impact your business. And you 
can prioritize IT management, investments and 
resource allocations to optimize your business 
performance. So you can solidly align your IT 


investments with strategic business goals. 


© 2004 BMC Software Inc 


And protect the delivery of vital business services 
like sales, customer service, online transactions, 
logistics and distribution—whatever is most 
critical to your company’s success. It’s enterprise 
management software that works with your existing 
IT resources to let you manage what matters from 
a business perspective and execute with precision. 


Find out how at www.bmc.com/bsm51 
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HEN KAISER Permane 
began a program to dis 
pose of its obsolete com- 
puter equipment two 
and a half years ago, it 
was motivated more by 
cost concerns than by 
the desire to properly 

dispose of products with potentially 

toxic content. 

“My boss was concerned with more 
space being taken up xcess and us 


equipment,” says Jim I n, manager of 


health care manéz 
ment company, noting 
that the idle assets ac 
crued storage and 


property tax charges. 


RE ee But he quickly real- 
cr mm Ty ized that the disposal 
Saeed) of IT waste, whi 


contains ma 








substances, presented a potentially | 
and growing liability risk to Kaiser 





Growing public awareness of the h 
is of e-waste and a rising tide of 
lations have increased the pressure 


cycle IT products and set the sta, 





her disposal costs. Meanwhil 
cost bidders f 
equipment dispos 
‘ 3 services may t 
ing through brok 
i equipment to de 
veloping countries 


controversial prac 


Number of PCs — or to illegal waste 
ado Wee dumps in the U.S. Fail 


: mates will ruts ure to establish best 
- Pieuciisanm practices, thoroughly 
x = Bieeeees = check out vendors and 

: create an audit trail 

> * may leave companies on the hook for 
: hefty fines, lawsuits and a barrage of 

; > negative publ ; 
: A typical CRT monitor contains three 
to nine pounds of lead, recyclers say. 


And printed circuit boards contain 


Improper disposal of obsolete IT equipment is fast becoming = beryllium, cadmium, flame retardar 


and other compounds that can co 


amajor liabilityfor corporations. ores peaartteat 
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Stacks of unused equipment (right), many with corporate asset tags clearly visible, end 
up in illegal landfills or in places like Guiya, China, where a worker (left) wearing no pro- 
tective gear pours acid on circuit boards to reclaim precious metals. 


humans to carcinogens and other tox- 
ins when equipment is shredded, 
burned or sent to a landfill. According 
to the U.S. Environmental Protection 
Agency, e-waste is now the fastest- 
growing waste stream in the U.S. 

Until now, only electronics manufac- 
turers have been under pressure from 
activists and regulators to reduce toxic 
content in their products and limit hu- 
man exposure to toxins used in 
their manufacturing processes. 
That’s changing. 

The European Union took 
the lead on end-of-life issues 
when it issued two directives 
on e-waste aimed at manufac- 
turers early last year. One re- 
quires vendors that sell IT 
products in Europe to phase 
out some particularly danger- 
ous toxins, including lead, mer- 
cury, cadmium, hexavalent chromium 
and bromated fire retardants, from 
electronics products by 2006. The oth- 
er holds manufacturers responsible for 
end-of-life disposal costs for their 
products. 

Meanwhile, a wave of e-waste regu- 
lations is beginning to roll across the 
U.S. A new California law assesses an 
upfront fee for every CRT purchased 
to cover recycling costs, bars the ex- 
port of e-waste and requires a phase- 
out of the toxic substances cited in the 
EU directive. California and a few oth- 
er states also have banned landfill dis- 
posal of some IT products, such as 
monitors. In all, more than 24 new bills 
are working their way through state 
legislatures, according to Gartner Inc., 
creating a patchwork of inconsistent 
rules that organizations must follow 
and the potential for stiff fines for 
those that don’t. 

But a more troubling aspect of the 


Have e-waste 
Cres Fettceya) 
in the works 


issue for Kaiser’s Regan came to light 
early in 2002, when two activist groups 
released a graphic and controversial 
report on the export of U.S. e-waste to 
developing countries. The report, re- 
leased by the Basel Action Network 
(BAN) and Silicon Valley Toxics Coali- 
tion (SVTC), asserted that 50% to 80% 
of e-waste collected in the U.S. is ex- 
ported to developing countries. It in- 
cluded disturbing pictures of 
children in the Chinese vil- 
lage of Guiyu playing amid 
mountains of discarded IT 
products, and laborers smash- 
ing monitors by hand out- 
doors and pouring acid over 
circuit boards to remove valu- 
able metals. Clearly visible in 
some of the pictures were the 
asset tags of private and pub- 
lic U.S. organizations that 
previously owned the equipment. 

Follow-up stories confirming the 
e-waste situation in Guiyu appeared in 
major U.S. newspapers, including The 
Washington Post and the San Jose Mer- 
cury News. But as the media and ac- 
tivists focused on Dell Inc. and other 
producers as the culprits, Kaiser’s man- 
agement saw the potential for damage 
to the company’s reputation and brand 
name if its equipment were to appear 
in such an exposé. Exporting e-waste 
isn’t illegal in the U.S., but Regan began 
to get calls from worried doctors in his 
company’s executive ranks. 

By that time, however, he had al- 
ready worked out an arrangement with 
Redemtech Inc., a Hilliard, Ohio-based 
recycler that handles the disposition of 
obsolete IT equipment. Regan’s con- 
tract specifies a zero-landfill policy, in- 
cludes written assurances that Redem- 
tech’s recycling subcontractors don’t 
export any e-waste products and calls 





for documentation of the final disposi- 
tion of all IT products. Regan uses the 
reports to pull assets off the books and 
to protect the company from liability 
lawsuits. “We went into this with a 
risk-mitigation point of view. You real- 
ly have to make sure that nothing on 
the back end sullies your reputation,” 
he says. 

Regan may have been ahead of the 


| curve in thinking about these issues, 


but considering the volume of e-waste 
that companies like his generate 
Kaiser has disposed of 65,000 pieces of 
IT equipment over the past two years 
— he’s convinced that it’s just a matter 
of time before environmental groups 
make an example of a large corporate 
user of IT products. “Do your home- 
work and make sure you have your 


| back covered,” he advises. 


Dell became such an example on the 
vendor side. Ted Smith, founder of the 
San Jose-based SVTC, says that his or- 
ganization singled out the PC direct 
marketer for criticism last year, issued 
negative reports on its recycling poli- 
cies and picketed company offices and 
even the offices of CEO Michael Dell’s 
wife. “We decided that they would 
make a great target,” he says, noting 
that since the SVTC campaign, the 
vendor has “begun to take these issues 
more seriously.” 

The tactic worked: Dell, IBM and 
Hewlett-Packard Co. all say they now 
offer computer return programs and 


| recycle collected IT products. 
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Jim Puckett, coordinator of Seattle- 
based BAN, which opposes the expor- 
tation of hazardous e-waste to develop- 
ing countries and works closely with 
the SVTC, says a high-profile user of 
IT products will be his organization’s 
next target. “We’re going to start going 
after some institutions now and mak- 
ing examples of them in a positive and 
negative way. We're going to be putting 
pressure on the users,” he says. 

Meanwhile, many IT organizations 
remain ignorant of the legal and tech- 
nical issues surrounding proper dis- 
posal of IT equipment. “I still talk to 
clients on a daily basis and they have 
no idea what’s going on. You’d think 
that they would know at this point that 
you can’t just throw this stuff out,” says 
Gartner analyst Frances O’Brien. 


E-waste Economics 
Many IT organizations avoid the prob- 
lem simply by storing obsolete and un- 


| used equipment — a costly proposi- 


tion that both manufacturers and recy- 
clers say will get only more expensive 
as the costs of both storage and dispos- 
al increase. “The No. 1 solution for 
IT disposal today is storage,” says 
Lennie Myers, a vice president at 
Austin-based recycler Image Micro- 
systems Inc. 

When it comes time to remove 


| equipment from service, few compa- 


nies have budgeted for proper dispos- 
al, and fewer still want to convince the 
chief financial officer to spend the $30 


WAYS TO PROTECT YOURSELF 


LEASE EQUIPMENT so that the title 
to the equipment transfers to the leas- 
ing company at the end of the term - 
DISPOSE OF IT EQUIPMENT 
when it’s removed from service. 


BUNDLE DISPOSAL COSTS into 
new purchases by including the dis- 
position of old IT assets in the RFP for 


equipment that replaces it. 


EMPTY THE IT CLOSETS: Dis- 

pose of unused, stored equipment im- 
costs and property taxes plus disposal 
costs that are likely to increase over time. 


INCLUDE A COPY OF THE OP- 

ERATING SYSTEM when donating 
equipment. Machines without an operat- 
ing system are likely to be discarded or 
shipped overseas. 


INCLUDE CONTRACT WORDING 

that prohibits the recycling vendor or 
its subcontractors from exporting equip- 
ment to developing countries that lack 
environmental regulations. 


REQUIRE A FULLY DOCUMENT- 

ED AUDIT TRAIL that shows what 
happened to each IT asset through its fi- 
nal disposition, whether sold, recycled or 
destroyed. 


CONDUCT A DUE DILIGENCE 

background check on the recycling 
vendor and its practices that includes an 
on-site visit. 


CONSIDER DISPOSITION SER- 

VICES from IBM, HP, Dell or other 
major IT equipment vendors. They charge 
more than smaller recyclers, but they 
have reputations to protect and deeper 
pockets if liability issues arise. 


SOURCES: RECYCLING VENDORS, PRODUCT MANUFACTURERS AND CORPORATE USERS 
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per PC that O’Brien says proper dis- 
posal of an obsolete PC typically costs. 
This problem has arisen because the 
end-of-life economics have changed. 
While disposal costs have increased, 
the prices of used PCs have dropped to 
the point where a typical system has 
little or no residual value after just 30 
months, according to Dell. In the past, 
an IT organization could dispose of 
equipment after three years and re- 
ceive a few dollars back, but 
today, it’s more likely to incur 
a net cost. 

“There is a de facto motiva- 
tion for people to cut corners 
in managing end-of-life 
[issues],” says Bob Houghton, 
Redemtech’s president. 

“You can still get a guy ina 
little red truck to haul away 
your PCs, so nobody wants to 


focus on this issue,” says an IT executive | 


at a large financial services company, 
who asked not to be identified. With- 
out executive sponsorship of a respon- 
sible disposal policy, he says, business 
units will continue to throw equipment 
into Dumpsters rather than incur a $25- 
per-unit disposal fee billed through an 
internal, IT-sponsored program. 

The executive was able to gain sup- 
port for responsible recycling by fo- 
cusing on problems with improper 
erasure of data on the hard disk drives 
of discarded PCs and the risk of non- 
compliance with Health Insurance 
Portability and Accountability Act pri- 
vacy regulations. Vendors such as Im- 
age Microsystems and Redemtech ver- 
ify and document disk erasure as part 
of their services. Because of the extra 
costs of responsible disposal, the exec- 
utive says, it will take the negative 
publicity of a “Martha Stewart type of 
case” before businesses will fund 
proper disposal practices. 

“There are bad things happening. As 
a corporation, you need to prove you 
did due diligence,” O’Brien says. That 
means tracking assets and having 
proof of sale or proper disposal — 
something most companies don’t do. 
Despite the risk of negative publicity, 
it’s legal and relatively inexpensive to 
work with brokers that export IT 
equipment overseas. Even recyclers 
that say they don’t export may send 
some equipment or components to 
downstream brokers that do export it. 
Or the equipment could end up ina 
field somewhere unless you've verified 
the vendor’s practices and tracked the 
asset properly, O’Brien says. 

She says one client received an offer 
to remove 3,000 dead monitors for $3 
each, well under the going rate of $7 to 


Average cost to 
dispose of an 
end-of-life PC 


$35. “Three months later, he got a call 
from the Department of Environmen- 
tal Protection asking, ‘Why are your 
monitors in this field?’ ” O’Brien says. 
Investigators such as the EPA can 
quickly trace equipment back to its 
original owner through serial numbers 
or asset tags. 

“If we can’t prove we transferred 
that title, we’re liable,” says the finan- 
cial services company executive. That 

means paying cleanup costs 
and fines. 


Thinking Ahead 


So, what’s an IT executive to 
do? “The best place to [address 
disposal of IT assets] is where 
the competition is, which is 
upfront,” says Regan. He now 
includes specific terms for the 
disposal of existing IT assets 
as part of requests for proposals for 
new equipment. And he’s moving to- 
ward more leasing, which takes the 
problem off his plate. All of Kaiser’s 
250,000 IT assets, including those that 
go back to vendors or leasing compa- 
nies, are processed by Redemtech as 
they’re retired. The vendor collects the 
equipment, wipes the disks, refurbish- 
es, recycles or returns the equipment, 
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and provides written verification. 

“We're looking at a net cost per PC 
of $18.40, and the monitors are $23.71 
on a net basis. We’ve budgeted those 
disposal costs,” Regan says. The total 
tab for processing 19,906 monitors and 
38,204 desktops over two and a half 
years is approximately $1.2 million. 

That may sound expensive, but IT 
organizations should be wary of ven- 
dors that offer disposal services at lit- 
tle or no cost. “They need to be cog- 
nizant of what may be happening tc 
those materials ... and do due dili- 
gence on those vendors,” says Tod Ar- 
bogast, senior manager of asset recov- 
ery services at Dell. 

Don’t sit on IT equipment that has 
reached the end of its life, says Wayne 
Balter, vice president of corporate en- 
vironmental affairs at IBM. John Mont- 
gomery, chief technology officer at 
Marine Terminals Corp. in San Pedro, 
Calif., says his company had a “ware- 
house full of computers” but has got- 
ten rid of them through an organiza- 
tion that recycles them. Montgomery 
refreshes 20% of his PCs each year but 
keeps monitors longer, which saves 
money upfront and delays disposal 
costs on the back end. He’s also gradu- 
ally shifting to LCD panels, which use 
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less energy and don’t contain the 
heavy amounts of lead found in CRTs, 
although fluorescent backlighting in- 
troduces small amounts of another 
toxic substance — mercury. 

Users may eventually reduce back 
end recycling costs by purchasing prod- 
ucts that have lower toxic content at the 
front end. For example, the European 
TCO and Blue Angel certification labels 
provide assurance that some toxic ma- 
terials aren’t present in displays and 
desktops, respectively. But manufactur- 
ers will never be able to completely 
remove all toxic content from electron- 
ic products. The best approach for IT 
products, Houghton says, is to “assume 


everything is hazardous.” @ 43804 


MORE E-WASTE 

It’s Not Easy Being Green: Manufacturer 
recycing problem: QuickLink 43807 
Vet Your Vendors: Read the vendor requirer 


there are ne 


QuickLink 44350 
Vendors Respond: Manufact 


QuickLink 43806 
Resources: Where to get answer 


QuickLink 43805 
www.computerworld.com 


Se ia S| 


Lead: Pervasive in circuit-board solder and CRT monitor 


glass. Can cause mental development problems in children 


and increased blood pressure in adults. Long-term 


include stroke, kidney disease and cancer 


Hexavalent chr im: Used for 
corrosion protection and as a hard- 
ener in metal housings. A recog 
nized carcinogen. May also cause 
respiratory problems 


ing, circuit boards, some switches 
Known to cause birth defects, ele- 
vated blood pressure and heart 
problems. 


Cadmium: Found in batteries, 
printed circuit boards, some plas- 
tics. Ranked among the most haz- 
ardous chemicals by the EPA, cad- 
mium is a known carcinogen and 
can cause developmental and re- 
productive problems. 


Beryllium: Used in circuit boards. 
A known carcinogen. Suspected to 
cause kidney, liver, respiratory, car- 
diovascular and other problems. 
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block radiation 
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boards 
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. both used in plastics. ( 


firmed carcinogens. Cause birth defects. Suspe 
ductive, neurological and endocrine problems 
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TECHNOLOGY — 


App-Layer 


Battle 


Having a firewall, virtual private net- 
work, e-mail gateway and intrusion- 
detection system isn’t enough; today’s 
threats increasingly come through appli- 
cation-layer attacks, says WebCohort 
Inc. CEO Shlomo Kramer. His 

company offers software to de- 

tect and thwart such attempts, 

but the concept has yet to gain 

wide acceptance. In a conver- 

sation with Computerworld’s Robert L. 
Mitchell, Kramer discusses how the na- 
ture of attacks are changing, why so 
many Web applications are vulnerable 
and what he has learned after complet- 
ing 300 penetration assessments. 


How has information security changed since 
you co-founded Check Point Software in 
1993? Ten years ago, [Check Point] 
came out with FireWall-1, the first com- 
mercial firewall. There were three ser- 
vices: FTP, Telnet and e-mail. Today, 
we're talking about enterprise applica- 
tions, hundreds of applications, Web 
servers, databases where everything 
changes all the time. Everything is very 
complex and very dynamic. The old 
firewalls cannot cope with the dynam- 
ics of adding the applications you want 
to add every week. An architecture that 
worked for the network layers will not 
work at the application layer. 


WebCohort’s SecureSphere places sensors 
on a network to analyze the communications 
between users and applications over the 
Web. It examines anomalies from normal ac- 
tivity patterns and then decides whether a 
session constitutes an attack. Can you give 
an example of how that might work? In a 
buffer overflow situation, programs 
don’t check the length of the [input] 
parameter. You can inject a string 
that’s too long and take control of the 
application or crash the server. So the 
hacker tries to inject long strings. Se- 
cureSphere sees that one parameter is 
too long and that the application re- 
turned an error code. 

With one event, you can’t do any- 


round 


thing. But if in two minutes I see 10 or 


| 20 of these going back and forth, I can 
| say with a very high level of certainty 


that this session is trying to do buffer 


| overflow, so this session needs to be 


terminated. 

This is a very simple 
example, but this is the 
way we use the structural 
anomaly. We find them, we 

correlate them over time, and we find 


| enough evidence to say this is a bad 


thing. 


How many large companies are using such 


| tools today? This is the very beginning 
| of the market. Only the very early 
adopters are using this or considering 


using this type of tool. 


Does that mean users aren’t really having 


these types of problems? One of the ser- 
vices we provide is penetration testing. 
One of our recent clients was one of 


| the 10 largest banks in the U.S. They'd 


invested in firewalls and network in- 
trusion prevention, all of this infra- 
structure. They were pretty certain 


| about their security. They gave us four 
| days to penetrate their online banking 


system. All we had was an [online] ac- 
count. It took us three hours to pene- 





| trate that custom application and gain 


full access to all online accounts. This 
was completely unnoticed by any of 
the infrastructure firewalls and intru- 
sion-prevention products because it 
happened entirely within the applica- 


| tion. We have tested almost 300 appli- 


cations in the last four years, and the 


| majority of them — more than 95% of 
| them — have major security issues, 


major vulnerabilities. 


What types of applications tend to be most 
vulnerable? It goes much beyond the 


bugs in [Microsoft’s] IIS or SQL Server. 


The real problem, the most dangerous 
one, is that the bugs in the custom 
code, the code that implements the 
business process, that implements ac- 
cess to the information in the database, 
is very vulnerable. 


| Of the 300-odd penetration tests you did, 


what were the most common vulnerabili- 
ties? Two out of three sites were vul- 
nerable to SQL injections. Four out of 
five sites were vulnerable to cross-site 


| scripting. Two out of three sites were 
| vulnerable to parameter tampering. 
| These three are at the top of the list. 


| From your experience, what percentage of 

| Web applications have been properly de- 

| signed with security in mind? A very small 
| percentage. 


| Shouldn't organizations be focusing on fixing 
| those vulnerabilities, rather than just detect- 
| ing exploits? The basic programming 


methodologies that need to be ad- 
dressed are simple. All of this is well 
documented. The key is, how do you 
make [the use of secure coding meth- 


| odologies] consistent? Time goes by, 


and modules are added and changed. 
Beyond that, there are many vulner- 


| abilities that are not technical but logi- 


cal. These are much harder to protect 
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tects and blocks attacks on We 


pplication and database vulnerabilities. 
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App-Layer Vulnerabilities 


SRE) ait sje 


against, in terms of making sure they 


don’t go into the code — the logic of 


the modules and the way they interact. 
These will always be there. Even with 
the best practices, you will always be 
faced with enterprise applications with 
serious vulnerabilities. You will always 
have bugs. 


The network security perimeter is too crowd- 
ed as it is. Why not consolidate this function 
into firewalls or other security appliances? 


| This is a separate class of product, and 
| someone needs to provide a platform 


for securing access. I don’t see why 


| this needs to be consolidated with the 


platform that controls the traffic in the 
network. They are two problems that 
need to be solved separately. 


Check Point already offers a function called 
Application Intelligence in its FireWall prod- 
uct. If we look at Check Point and Ap- 
plication Intelligence, it’s the same ba- 
sically as the network intrusion pre- 
vention. These are products that work 
at the network layer and, using signa- 
tures, protect against known attacks. 
But they do not protect the application 
against unknown attacks. We track 
users over time. We know how a nor- 
mal user behaves, and we identify the 
malicious sessions by clues we collect 
over time until there’s enough evidence 
that, hey, this user is trying to do some- 
thing bad. This is a completely differ- 
ent level of technology than the infra- 
structure security players can provide. 


What do users need to do to ensure success- 
ful deployment of security tools? You need 


| to understand what you’re doing and 


what your security policy is. Which 
alerts do you use, what do you want to 
do with your alerts, where do you want 
to send them, and what do you want to 
block? If what you configure does not 
match your policy, that’s a problematic 
situation. @ 43959 
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BY MARC L. SONGINI 
OMPANIES KNOW they 
have valuable data ly- 
ing around throughout 
their networks that 
needs to be moved from one 
place to another — such as 
from one business application 
to another or to a data ware- 
house for analysis. 

The only problem is that the 
data lies in all sorts of hetero- 
geneous systems, and there- 
fore in all sorts of formats. For 
instance, a CRM system may 
define a customer in one way, 
while a back-end accounting 
system may define the same 
customer differently. 

To solve the problem, com- 
panies use extract, transform 
and load (ETL) software, 
which includes reading data 
from its source, cleaning it up 
and formatting it uniformly, 
and then writing it to the tar- 
get repository to be exploited. 

The data used in ETL proc- 
esses can come from any 
source: a mainframe applica- 
tion, an ERP application, a 
CRM tool, a flat file, an Excel 
spreadsheet — even a message 
queue. 


Pulling the Data 


Extraction can be done via 
Java Database Connectivity, 
Microsoft Corp.’s Open Data- 
base Connectivity technology, 
proprietary code or by creat- 
ing flat files, says Mike Schiff, 
an analyst at Current Analysis 
Inc., a Sterling, Va.-based con- 
sultancy. 

After extraction, the data is 
transformed, or modi- 
fied, depending on the 
specific business logic 
involved so that it can 
be sent to the target 
repository. 

There are a variety 
of ways to perform the trans- 
formation, and the work in- 
volved varies. The data may 
require reformatting only, but 
most ETL operations also in- 
volve cleansing the data to re- 
move duplicates and enforce 
consistency. Part of what the 
software does is examine indi- 
vidual data fields and apply 
rules to consistently convert 
the contents to the form re- 


quired by the target repository | 


or application, says Schiff. 
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ETL stands for extract, transform 
and load, the processes that en- 
able companies to move data 
from multiple sources, reformat 
and cleanse it, and load it into 
another database, a data mart or 
a data warehouse for analysis, or 
on another operational system to 
support a business process. 


For example, the category 
“male” might be represented 
in three different systems as 
M, male and 0/1. The ETL 
software would recognize that 
these entries mean the same 
thing and convert them to the 
target format. 


In addition, the ETL process | 


could involve standardizing 
name and address fields, veri- 
fying telephone numbers or 
expanding records with addi- 
tional fields containing demo- 
graphic information or data 
from other systems. 

Harriet Fryman, group di- 

__ rector of product mar- 
keting at data ware- 
housing vendor Infor- 
matica Corp. in Red- 
wood City, Calif., of- 
fers an example. Say, 
for instance, that a 
customer runs Oracle finan- 
cials, PeopleSoft human re- 
sources software and SAP 
manufacturing applications 
and needs to access the data 
in each of these systems to 
complete an order-to-cash 
process. This will require the 
company’s ETL software to 
extract data from the originat- 
ing systems, which isn’t as 
easy as it sounds in some in- 
stances — for example, pulling 
data from the SAP manufac- 


turing application would re- 
quire the generation of SAP 
proprietary ABAP code to ex- 
tract the shipping and open 
purchase-order information. 
The transformation occurs 
when the data from each 
source is mapped, cleansed 
and reconciled so it all can be 
tied together, with receivables 
tied to invoices and so on. 


Moving and 
Improving Data 


EXTRACT 
The process of reading data 
from a database. 
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(G++, Java, Visual Basic) 
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After reconciliation, the data 
is transported and loaded into 
the data warehouse for analy- 
sis of things such as cycle 
times and total outstanding 
receivables. 

Fryman says customers are 
using ETL not only for data 
warehousing and business in- 
telligence activities; they’re 
also moving data from one op- 
erational system to another, 
such as from an ERP system 
to a CRM application. 


One Truth 


“ETL allows teams of business 
users to operate from one ver- 
sion of the truth,” says Chet 
Phillips, IT director for busi- 
ness intelligence at Motorola 
Inc. in Schaumburg, Ill. The 
company uses ETL to feed its 
Informatica data warehouses. 

ETL allowed Motorola to 
collect information from 30 
different procurement systems 
and send it to its global supply 
chain management data ware- 
house to analyze what the 
company was spending in ag- 
gregate, says Phillips. 

In the past, companies that 
were doing data warehousing 
projects often used home- 
grown code to support ETL 
processes, says Schiff. How- 
ever, even those that had done 
successful implementations 
found that the source data file 


TRANSFORM 

The process of converting the ex- 
tracted data from its original state 
into the form it needs to be in so 

it can be placed into another data- 
base. Transformation occurs by us- 
ing rules or lookup tables or by 
combining the data with other data. 
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formats and the validation 
rules applying to the data 
evolved, requiring the ETI 
code to be modified and 
maintained. And companies 
encountered problems as 
they added systems and the 
amount of data in them grew. 
Lack of scalability has been a 
serious issue with homegrown 
ETL software. 

Providers of packaged ETI 
systems include Microsoft, 
which offers data transforma- 
tion services bundled with its 
SQL Server database. Oracle 
has embedded some ETL ca- 
pabilities in its database, and 
IBM offers a DB2 Information 
Integrator component for its 
warehouse offerings. 

There are also third-party 
vendors that offer bolt-on 
tools. They include Informati- 
ca, data integration vendor 
Ascential Software Corp. in 
Westboro, Mass., and Hum- 
mingbird Ltd. in Toronto. The 
software from third-party ven- 
dors can offer integration 
among a wider variety of het- 
erogeneous applications and 
data structures, says Schiff. 


@ 42410 
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LOAD 
The process of writing the data 
into the target database. 


ETL software is used to migrate data from one database to another or to data marts and data warehouses. 
The central part of the process, the “transform” function, cleanses the data, eliminates duplicates and refor- 
mats the data for the target repository. 
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Developer Tool Kit 


Raises Backdoor Al 


| development group. Using the 


When antivirus software points to malware 
in production applications, the source 
appears to be the tool kit used to create 

the affected code. By Vince Tuesday 


OW WELL would you 
do in a negotiation 
with a foreign vendor 
if the representative 
didn’t speak English and your 
translator was secretly work- 
ing for a competitor? How 
would you ever find out? And 
how would you investigate, 
even if you did suspect it? We 
faced this terrible problem 
recently, but in our — 
case, the translators 
were programs, not 
people. 
Our software trans- 


the business informa- 

tion that we use to 

make decisions and execute 
trades. If we can’t trust that 
software, then we can’t trust 
what it’s telling us about our 
data. And if we mistakenly 
trust that data, we'll lose a lot 
of money very quickly. 

We have to place a lot of 
trust in the staff that writes 
our applications. We also do a 
lot of code testing, but that’s 
mostly aimed at finding er- 
rors, not deliberately hidden 
malicious code. Such embed- 
ded code might be leaking 
data to competitors or adjust- 
ing financial reports so that 
the perpetrator can rip us off 
without being detected. 

Luckily, we have sharp audit 
teams, we force our develop- 
ment teams to use develop- 


ment tool kits, and we conduct 


code reviews to make sure 
there are no surprises in our 
code’s quality. 

But what if we can’t trust 
our tool kits? What if, after all 
the manual review and the 
checking of our custom code, 
the tool kit goes ahead and in- 
stalls malicious code in our 


SECURITY 
MANAGER'S 
lates stored data into JOURNAL et 


applications? That was the 


| question I faced when our 


antivirus software started 


| shouting about us having a 


“backdoor” program on key 
production servers. 
Specifically, the virus check- 


| er found a Dynamic Link Li- 
| brary (DLL) file on most of 


our servers that contained the 
signature of a relatively new 
backdoor tool. 

Could some de- 
velopment staffer 
have sneaked a back 
door into our code? 
We immediately 
shipped copies of 
our code to antivirus 
vendors for analysis. Perhaps 
this was a false alarm. Or per- 
haps some code combination 
was setting off the antivirus 
alert without actually being 
malicious. 

But our hopes were dashed 
when the vendors confirmed 
that the code was a match. 
The code itself consists of a 
series of hooks that an attack- 
er could use to hide files from 
the operating system or to col- 
lect passwords by intercepting 
the calls that legitimately ask 
for them from users. 

At first, the finger of suspi- 
cion pointed squarely at the 


Could some 
development staffer 
have sneaked a 
back door into 
our code? 








new antivirus signatures, we 


| began sweeping across pro- 
| grammers’ desktops. The in- 


fected files were everywhere 

— even on the release CDs 

from our tool kit provider. Oh. 
If the backdoor files were 


| on the CD, then our staff was 


not the cause of the problem. 
By using the tool kit, our pro- 
grammers had inadvertently 


| created infected files with 
| each new application. 


But my relief that our own 
staff wasn’t to blame gave way 
to a couple of more horrible 


| thoughts: Had an attacker fig- 


ured out a way around the de- 
fenses of not just my company 
but every other financial ser- 
vices company that uses this 
tool kit? Indeed, why target a 
well-protected financial ser- 
vices company when you can 
attack a tool kit distribution 
they all use? 


| The New Dilemma 


After some frantic calls to the 
tool kit vendor, we tracked 
down the senior technical 
staffers. The code in question 
wasn’t a back door, they ex- 
plained, but a series of tools 
used for debugging so that ap- 
plication events could be 
caught and modified to let 
testing happen without chang- 
ing the operating system. 

This sounded reasonable. 
But why did the antivirus ven- 
dors claim it was a threat if 
this code was used only for 
harmless testing? A more ju- 
nior technical chap replied in 
a blasé manner that he was 
friendly with a hacker group 
and that they had used the 
same tool kit we had bought. 
But instead of hooking into 
the calls to debug and test 
code, they had produced a fa- 
mous backdoor program. 

I was at a loss. Should I trust 
the vendor’s assurances that 
the tool kit wasn’t malicious, 
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even though the code was pro- 
duced by a staffer who ex- 
changed tools with a black-hat 
hacker group? How could we 
be sure that the hackers 
wouldn't target the vendor of 
the tool kit to get into the le- 
gitimate companies that had 
bought it? 

On the other hand, we had 
no evidence that anything ma- 
licious had happened — but 
how would we know until we 
lost a lot of money? 


| Tough Choices 


I'm still trying to decide what 
to do. We might consider get- 
ting our staff or an indepen- 
dent group to review the tool 
kit source code, in the unlikely 
event that the vendor would 
agree to this. But that would 
be very expensive, and with 
every new release, we'd have 
to check it all again. 

Even then, how would we 
know that the compiled DLLs 
and executable files that we 
received were produced from 
the source code that was 
checked? 

If we don’t do something, 
then the very tool kits we re- 
quire our programmers to use 
to reduce security risks might 
provide a hacker with a direct 
route into the core of our com- 
pany. For now, we’re just run- 
ning antivirus scans on all our 
software. 

This issue has opened my 
eyes to the level of trust I can 
extend to a vendor. What 
would you do if you were in 
my situation? I welcome your 
suggestions. D 


| WHAT DO YOU THINK? 


This week's journal is written by a real 


| security manager, “Vince Tuesday,” whose 


name and employer have been disguised 
for obvious reasons. Contact him at vince 


| tuesday@hushmail.com, or join the dis- 


forum: QuickLink a1590 
To find a complete archive of our 


Security Manager's Journals, go online to 


| @computerworld.com/secjournal 
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Security Bookshelf 


Exploiting Software: How to 
BreakCode,by = 

Greg Hoglund and 

Gary McGraw; 
Addison-Wesley, 

2004. 


This book has a 
black hat on the 

ver, and for 
good reason: It 
teaches readers how to exploit 
software and attack systems. 

While it’s great if you want 
to delve into the mind-set and 
tool kit of the black hats, the 
authors touch only lightly on 
defensive measures. For ex- 
ample, they repeatedly advise 
against relying on blacklists to 
stop bad inputs because they 
prefer whitelists. That may be 
good advice, but the authors 
give no details on how to im- 
plement the strategy. 

Exploiting Software, clearly 
written by experts, is perfect 
for development teams that 
need to understand the scale 
of the shared experience ready 
to be leveled against their 
software. As a security man- 
ager, however, I’m not reas- 
sured about the state of my 
company’s current defenses 
or software infrastructure, 
since Hoglund and McGraw 
have shown how to bypass 
even the most carefully de- 
signed security controls. 

~ Vince Tuesday 


intrusion Detection 
For Voice Nets 


CallKnowing LLC in Sacra- 
mento has announced an in- 
trusion-detection service that 
monitors both private branch 
exchange and voice-over-IP 
telephony systems and reports 
problems. The service moni- 
tors the PBX configuration for 
changes, scans IP-connected 
devices for possible vulnera- 
bilities and monitors activity 
on TCP and UDP ports. It also 
monitors and logs events such 
as unauthorized changes to 
stations, failed access at- 
tempts, excessive outcalling 
from voice mail and unusual 
trunk activity. Reports and 
alerts are delivered via e-mail 
and are available on the Web. 
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CA Upgrades 
Backup Software 


Computer Associates Internation- | 


al Inc. last week announced that 


it’s shipping BrightStor ARCserve | 


Backup Release 11 for Windows, 
which allows companies to copy 
data on Microsoft-based clients 
and servers. New features include 
the ability to support multiple 
backup jobs to the same tape me- 
dia simultaneously, according to 
Islandia, N.Y.-based CA. Pricing 
starts at $775. 


NAI Unveils Net 


Management Tools 
Network Associates Inc. in Santa 
Clara, Calif., has added two prod- 
ucts to its Sniffer product line: 
the InfiniStream Network Man- 
agement system and the 10GbE 
Analyzer. 

InfiniStream Network Manage- 
ment comes in two models. The 


i1610 is a 4U rack-mounted appli- | 


ance with 3.2TB of storage ca- 
pacity and two ports offering 
Gigabit connections. The i410 is 
a 2U rack-mounted appliance 
with 800GB of storage and four 


ports of 10/100 Ethernet capabili- | 


ty. (A 1U server is 1.75 in. high.) 
The i1610 is priced at $75,000, 
and the i410 costs $35,000. 

The 10GbE Analyzer is a 10 
Gigabit Ethernet network moni- 
toring and analysis appliance 
priced at $150,000. 


Suite Adds IM to 


Videoconferences 


Tandberg last week announced 
an upgrade to its management 
software that brings instant mes- 
saging capability to videoconfer- 


encing. The New York-based ven- | 


dor’s Tandberg Management 
Suite 8.0 will support Tandberg 
Instant Messenger software, 
which works with MSN Messen- 
ger to detect the presence of IM 
users and indicate whether video- 
conferencing hardware and soft- 
ware are available for a videocon- 
ferencing session. Tandberg in- 
stant Messenger costs $5,000 
for 50 concurrent users; TMS 8.0 
costs $3,750 for 25 systems. 
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Ins, 


Is Still for Losers 


HE MOST FREQUENT REASON compa- 
nies turn to outsourcing is the need to in- 
crease profits. Replacing premium-priced 
labor with workers earning less has led to 
lower costs for products and services. 
That in turn has led to an increase in the purchases — 
that is outsourcing — of materials, components, parts 
and services by the companies. The value of outsourc- 


ed goods and services for 
U.S. companies now aver- 
ages 65% of the value of 
their sales. This kind of cal- 
culation is in the spotlight 
because this phenomenon 
has become the central 
concern of what’s called 
the “globalization” of com- 
merce. Accordingly, firms 
with a higher ratio of out- 
sourcing purchases to sales 
would tend to be more 
profitable since they would 
be substituting lower-cost 
goods and services from 
global sources for higher-priced U.S.- 
produced equivalents. 

A theory that suggests that out- 
sourcing improves profitability would 
contradict observations I made in 
Computerworld in 1995 [see “Out- 
sourcing: A Game for Losers,” Quick- 
Link a3980]. At that time, I collected 
data on 13 of the largest IT outsourc- 
ing contracts. I showed that compa- 
nies that were contracting out a major 
share of their IT spending could be 
characterized as losers. Their profits 
were declining while they were cut- 
ting significant numbers of employees. 

To re-examine the economics of out- 
sourcing, I collected 2002 payroll data 
on a diverse and random sample of 324 
companies listed in Standard & Poor’s 
financial reports. After adding taxes, 
profits and depreciation, I calculated 
each company’s value-added. The dif- 
ference between sales and the value- 
added yielded the worth of outsourced 


purchases because sales 
minus value-added equals 
the amount that has been 
outsourced to suppliers. 
The results were sur- 
prising. One hundred and 
seven companies reported 
a negative return on share- 
holder equity, which would 
mark them as losers. But 
217 reported a positive re- 


turn on shareholder equity, | 


which would earn them 
the winner’s label. There 
were, however, statistically 
significant differences be- 
tween the losers and the winners. 
The losers’ average outsourcing-to- 


sales ratio was 25% greater than the 


winners’. Eighty-six percent of the 
losers were outsourcing more than 


| half of their costs. The returns on 
| shareholder equity for the winners 
| were clustered around low outsourc- 


ing ratios; the large losers showed high 
outsourcing ratios. 

To verify these insights, I ran an 
analysis of 466 U.S. banks. For this ho- 
mogeneous sample, the negative rela- 
tionship between outsourcing and 
profitability was statistically even 
more significant. What do these find- 
ing tell us? 

1. My 1995 assertion that “outsourcing is a 


| game for losers” still stood up in 2002, even 
| though in this case I don’t propose to 


connect the outsourcing of IT with 


| negative profitability. The current 
| findings offer a managerial perspec- 


tive on the economics of outsourcing. 


2. My calculations indicate that only 26% 


| of the low profitability results are attributable 
| to outsourcing. Companies already fail- 


ing for other reasons will tend to out- 
source increasing amounts of work, 
thus diminishing their value-added. 
3. My findings don’t support the frequent 
predictions that U.S. firms will tend to out- 


| source in order to increase profits and thus 


eventually leave us with a “hollow” economy. 
What, then, is the significance of 

these findings for IT management? 
First, the decision to outsource IT 


| shouldn’t be taken in isolation and 
| without full exploration of the poten- 


tial effects on the overall financial per- 
formance of a company. Sure, one can 


| always show savings by passing IT 


tasks to someone who can do it cheap- 
er. But IT accounts for only a small 
share of the total costs that a company 


| incurs. The damage from mismanaged 


outsourcing will always exceed the po- 


| tential benefits from anticipated IT 


cost reductions. 
Second, any company bidding on an 


|} Outsourcing contract should ascertain 
| whether the potential client is a loser 


or a winner. There are many cases that 
demonstrate why delivering services 


| to losers with already damaged sys- 


tems is risky. Whenever IT work is 


| outsourced, even under an ironclad 


contract, there is the likelihood that 
the losers’ damaged operations sys- 


| tems can’t be fixed by handing over 


custody for critical applications to a 


| contractor. Both the winner of such an 


outsourcing contract and the company 
doing the outsourcing will end up 
worse off and in hard-to-reconcile 
finger-pointing. @ 44320 


| MORE ONLINE 


| 
| 


To see a chart of how Strassmann’s winners 
fall, visit our Web site 
QuickLink 24010 
www.computerworld.com 
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Dual Curses 

Two scourges — viruses and 
spam — are the most vexing 
e-mail issues facing CIOs, ac- 
cording to an exclusive survey. 
Regulatory compliance isn’t 
far behind. Page 29 


OP-CULTURE EXPERTS say 
the nostalgia cycle is grow- 
ing shorter and shorter — 
that someday we may all 
yearn for those lazy, hazy, 
carefree days of six weeks 
ago. So it doesn’t seem out of line to 
look back with amusement at 2000. 
Back then, James Glassman and Kevin 
Hassett’s Dow 36,000: The New Strate- 
gy for Profiting from the Coming Rise in 
the Stock Market (Three Rivers Press, 
2000) was selling briskly, and experts 
were predicting that enterprises were 
set to junk a hundred years’ worth of 
purchasing practices and instead buy 
everything — from manila envelopes 
to sheet steel — through online ex- 
changes, or e-marketplaces. 
Seems almost quaint, doesn’t it? 


The idea, you'll recall, was to conjure | 
the Internet’s power to form a more effi- | 


cient marketplace. Suppliers would be 
forced to cut prices (because if they 
wouldn’t, a competitor surely would), 
but the best would benefit from massive 


volumes. Buyers would have a world of | 


choice a mouse click away, all at rock- 
bottom prices. Everybody would win. 
All this was scheduled to 

occur soon, just about 

the time 


a V 
Me 
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RO! 
A Tough Sell 


Multimillion-dollar medical 
imaging systems are hard to 
sell to cash-strapped hospitals, 
but some users say they’ve 
seen definite benefits. Page 30 


Why did some online 
exchanges survive while 
many others failed? It helped 
to have members with deep 


pockets. By Steve Ulfelder 


Q2.02.04 


THINK TANK 
Who’s Driving IT Alignment? 


Who should be in charge 
of business/IT alignment? 
It’s the CEO, not the CIO 
argues Gopal Kapur. 


Page 32 


the Dow would be closing on 36,000 

According to Keenan Vision Inc., a 
Berkeley, Calif.-based analyst firm, 
more than 200 exchanges and ex- 
change-related products were rolled 
out each month from November 1999 to 
April 2000. Small wonder, then, that 
Keenan once predicted that there 
would be 4,070 exchanges in the U.S. 
by this year. Today, analysts and ex- 
change CEOs say they believe that 
fewer than 200 e-marketplaces survive 
— though It’s hard to nail down a pre- 
cise number. 

Carl F. Lehmann, an analyst at Meta 
Group Inc., says, “If you’re trying to 
exploit economies of scale, you don’t 
need to set up [online] markets; you 
need to analyze markets. All you have 
to do is put three good MBAs on the 
problem. But we learned that too late.” 

Most exchanges were bubble-driven 
businesses that quietly folded when 
the venture funding dried up. But some 
vertical e-marketplaces were founded 
by industry consortia whose members 
boast deep pockets. Many of them 
have flailed about for tenable business 
models and managers, but along the 
way they’ve learned how to deliver val- 
ue to their members/customers. By 
signing on with Elemica Inc., an online 
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exchange for the chemical industry, 
The Dow Chemical Co. “saved thou- 
sands of hours,” says Dow CIO Dave 
Kepler, “and we think we can [eventu- 
ally] reduce inventories up to 50%.” 


Less Tech, More Value 

While the exchange boom was by its 
very nature technology-driven, the 
surviving companies universally agree 
that their focus has shifted. “We’ve 
transitioned from a tech company in 
Houston to a company with people on 
the ground working with [member 


ee 6 
companies’] procurement people,” says | 


John Wilson, CEO of Trade-Ranger 
Inc., an exchange that serves the ener- 
gy industry. “Three years ago, the tech 


was our raison d’étre. No longer. We’ve 


gone from being IT experts to being 
purchasing experts.” 

Like their fallen brethren, the surviv- 
ing exchanges once had ambitious, IT- 
driven plans — overly ambitious, as it 
turned out. For many reasons, compa- 
nies were reluctant to alter purchasing 
practices. To succeed, exchanges had 
to adjust. “In 2000, we thought we’d 
move faster. We thought we'd bring 
people right to the Net and XML,” says 
Kevin Ruffe, chief operating officer at 
Global Healthcare Exchange LLC. “But 
soon we realized we were pushing a 
rock uphill. Health care [IT] systems 
aren’t the most up to date. ... People 
had EDI and didn’t want to change 


b 


that. We had to back off our aspirations | 


of making major changes quickly.” 

Trade-Ranger was “conceived as a 
technology play, but no one knew how 
to make the value real,” Wilson says. 
“The first idea was to connect the 
world virtually from behind a firewall 
in Houston. It didn’t work. We then 
spent a few hundred million and went 
through many CEOs.” Trade-Ranger 
survived its murky times because its 
founding companies were patient and 
had a five- to seven-year plan. 

It’s still not clear whether even the 


‘The Survivors 


A sampling of extant industry exchanges: 


aids 
Covisint LLC 
Elemica Inc. 
Exestar LLC 
E20pen Inc. 


Global Healthcare 
Exchange LLC 


Pantellos Group LP _Utility/energy 
Trade-Ranger Inc. 
Transora Inc. 
UCCret Inc. 


WorldWide Retail 
Exchange LLC 


INDUSTRY 
Automotive 
Chemical 
Defense/aerospace 
Technology 


Health care 


Energy/chemical 
Consumer goods 


Retail 


survivors will ever be truly successful. 
Analysts say privately that many com- 
panies that helped found exchanges 
have little hope that their investments 
will ever pay off, and they would bail 
out if they could do so gracefully. 

The strongest exchanges appear to 
be those that downplayed technology 


from the outset. Pantellos Group LP, an | 


e-marketplace for large utilities, is 
mentioned by Gartner Inc. analyst An- 
drew White as one of the standouts. 
According to Pantellos CEO Jim 
Neikirk, the key is that “from the be- 
ginning, we knew it was about value- 
add, not just technology. Our clients 
have had some [fiscal] struggles, so we 
recognized that cost management is 
really important to them.” 

Early failures — or, at best, unim- 
pressive savings for customers — 
prompted exchanges to ask how they 
could deliver value, and the result, 
Meta’s Lehmann says, is that “they’re 
morphing into supply chain business- 
process outsourcing companies.” In- 


Deep Pockets Prevail 


The vast majority of today's exchanges owe 
their survival in large measure to the simple 
phenomenon of deep pockets: They were 
formed by massive companies that kicked in 
millions apiece back in the heady late 1990s. 
The WorldWide Retail Exchange, for example, 
was founded by 17 retailers from the U.S., Asia 
and Europe, each of which kicked in $10 mil- 
lion, according to Nick Parnaby, the exchange’s 
global director of member development. 
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The WorldWide Retail Exchange then re- 
cruited another 45 members that contributed 
lesser sums, Parnaby adds. All told, the ex- 
change raised $200 million within a year. 

Most exchanges are less forthcoming about 
the amount of their funding, but the might of 
their founders offers clues. Elemica, for exam- 
ple, was formed in 2000 by such chemical- 
industry titans as Du Pont Co., Dow Chemical, 
BASF Corp. and Mitsubishi Chemical Corp. 


Consumer goods/retail 
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deed, when exchange executives dis- 
cuss their offerings, they could easily 
be confused with systems integrators 


or software vendors. 


“We wanted to get buyers’ ERP talk- 
ing to sellers’ ERP,” says Elemica CEO 
Kent Dolby. Elemica’s star offering is a 
software hub that allows the many in- 
dustry-specific XML variants to com- 
municate with each other. “Some larg- 
er companies want to be very integrat- 
ed [with supply chain partners] and 
have a SAP or Oracle or Baan system,” 
Dolby says. “Others may be simple 
buyers working off Excel spreadsheets. 
We need to talk with all of them.” 


Real Savings? 


The big question is whether exchanges 
can help companies save money — and 
how much. 

Nick Parnaby, global director of 
member development at the World- 
Wide Retail Exchange LLC in Alexan- 
dria, Va., says that since the exchange’s 
founding in 2000, “members have 


Pantellos was established (also in 2000) by 
the nation’s 20 largest electric utilities, includ- 
ing Consolidated Edison Inc., Duke Power Co., 
Entergy Corp. and Pacific Gas & Electric Co. 

The list goes on, and the point is clear: One 
way for an exchange to survive is to depend on 
the kindness of its founders. Pantellos is a rare 
bird in that it is “both earnings- and cash-posi- 
tive,” says CEO Jim Neikirk. 

Analysts say most exchanges are under 
pressure from their members to stop being 
cost centers. “We understand that [exchange] 
members are starting to call up and say, 





saved $1.1 billion to $1.2 billion,” with 
returns on their investments at 700% 
to 1,000%. Retailers save on mainte- 
nance, repair and operating equipment 
(known as MRO, essentially all the 
supplies that don’t go into the product) 
and private-label goods. Parnaby says 
the typical member saves 13%, but that 
number rises to 20% if member com- 
panies “pool their spend” with one an- 
other to improve economies of scale. 
Exchanges also point to other corpo- 
rate benefits. According to Wilson, one 
Trade-Ranger member has cut head 
count in its accounts-payable depart- 
ment from 99 people last year to 40. 
Craig Weida, vice president of sup- 
ply chain and administrative services at 
Cinergy Corp., a Pantellos customer, 
says Cinergy has seen a 500% return 
on its investment in the exchange. The 
company now routes 50% of its pur- 
chase orders through Pantellos and has 
seen a dramatic drop in error rates, he 
adds. Pantellos says its members have 
saved an aggregate $315 million since 
the exchange’s founding in 2000. 
Elaine Callas, CIO at Englewood, 
Colo.-based hospital chain Centura 
Health, says that signing on with the 
Global Healthcare Exchange was a ma- 
jor component of a plan that let Centu- 
ra cut the number of steps in its pur- 
chasing process by more than half. Cal- 
las was been sufficiently impressed to 
increase the chain’s use of the ex- 
change nearly 350% from 2002 to 2003. 
Such impressive returns help explain 
why Gartner, Meta and other analyst 
firms predict an exchange renaissance 
over the next several years. If your 
company isn’t part of an industry mar- 
ketplace yet, congratulations — you 
may be poised to reap the benefits 
without having to remove arrows from 


your back. @ 44038 





Ulfelder is a Computerworld contribut- 
ing writer in Southboro, Mass. Contact 
him at sulfelder@charter.net. 


‘Where's the value?’ ” says Meta Group analyst 
Carl F. Lehmann. “Many businesses question 
whether the e-marketplaces can do the [re- 
quired] tasks and do them cheaper. Their value 
is very much in question.” 

The exchanges are very much aware of this, 
and they're determined to make the transition. 
Trade-Ranger CEO John Wilson says, “In 
2004, our business mode! will change. We will 
be paid for the value we deliver, not [treated] 
as a subsidy. All of our customers would prefer 
not to be on an equity ownership basis.” 

~ Steve Ulfelder 
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LAMMER. Bugbear.B. Blaster. 

Sobig.F. 2003 was the worst 

year for virus outbreaks in 

the 20-year history of com- 
puter viruses, declares a report by 
F-Secure Corp. in San Jose. It was a 
growth year for spam, too, and by De- 
cember, 62.7% of all global e-mail was 
spam, say researchers at U.K.-based 
MessageLabs Inc. 

So it’s not surprising that CIOs re- 
port that viruses and spam are their 
biggest concerns regarding e-mail, ac- 
cording to a survey by messaging con- 
sultancy Ferris Research Inc. and Com- 
puterworld. On a scale of 1 to 4, with 4 
being “one of my biggest headaches,” 
viruses and spam tied with an average 
rating of 3.2, leading the list of messag- 
ing issues in the survey (see chart). 

“Viruses and spam? That sounds 
right to me,” says Robert W. Reeg, se- 
nior vice president of systems develop- 
ment at MasterCard International Inc. 
in O’Fallon, Mo., commenting on the 
survey results. “We’ve certainly fo- 
cused on those areas.” 

The Web-based survey had 60 valid 
responses from CIOs and other IT 
managers at the vice president level or 
higher, so it reflects the thinking of se- 
nior executives, not midlevel messag- 
ing managers. Instant messaging, for 
example, ranked as a low concern for 
these CIOs, but would probably have 
been a more significant concern for 
messaging managers. 

Anecdotally, IT managers are wor- 
ried that virus writers are getting 
faster at exploiting flaws, which raises 
the specter of zero-day attacks [Quick- 
Link 43503]. Last summer’s Blaster 
worm, one of the most virulent and 
widespread ever, hit the Internet bare- 
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ly a month after Microsoft Corp. re- 
leased a patch for the software flaw it 
exploited. A variant called Nachi, car- 
rying a dangerous payload, hit users 
less than a week later. 

Spam ranked as a top concern across 
all organizations, regardless of their 
size, industry sector or mail system. 
The problem affects not only end-user 
productivity, but also adds administra- 
tive chores for the IT organization. 

A study by Nucleus Research Inc. in 


Top Five 
Virus control 


Spam control 


Regulatory compliance: privacy 


Microsoft Office pricing 


Denial-of-service attacks 


Bottom Five 
Instant messaging from wireless devices 


Too much downtime 


Migrating between e-mail packages 
1.7 


Moving messaging servers to Linux 


LO 


Using the mainframe as a messaging server 


44 
1.9 


Base: Ferris Research/ Computerworld survey of 60 CiOs 
or vice presidents of IT. 


Wellesley, Mass., found that IT admin- 
istrators spend an average of 4.5 hours 
per week managing spam-related prob- 
lems [QuickLink 41896]. Plus, CIOs 
may feel under pressure to “fix” the 
spam problem, which is a major irritant 
and embarrassment in the workplace. 

The next biggest e-mail concern for 
CIOs is regulatory compliance, which 
involves two issues: encrypting e-mail 
to ensure privacy and archiving mes- 
sages to ensure good record-keeping. 
As might be expected, these issues 
were especially important to health 
care providers and financial services 
firms, which face the most regulatory 
scrutiny under new laws such as the 
Health Insurance Portability and Ac- 
countability Act and the Sarbanes- 
Oxley Act. Surprisingly, managers in 
health care report greater concern 
about archiving than their counter- 
parts in financial services do. 

Another unexpected result is that 
CIOs are increasingly concerned about 
coping with denial-of-service attacks, 
giving that a rating of 2.5. Elsewhere in 
the survey CIOs seem unconcerned 
about e-mail downtime, but apparently 
they worry about hacker attacks that 
could disable e-mail service for ex- 
tended periods. 

Microsoft Office pricing and soft- 
ware licensing issues are of high to 
moderate importance to most respon- 


How We Did It 

Conducted in November and December of 
2003, the survey asked about the e-mail con- 
cerns of ClOs and IT executives at the vice presi- 
dent level or above. Computerworld e-mailed 
subscribers asking them to fill out an online 
survey. The replies were winnowed to 60 valid 
responses, representing 240,000 mailboxes, 
nearly all of themin the U.S. 

Respondents were asked to rate their level 
of concern about 26 messaging issues using a 
four-point scale ranging from 1 (“not anissue | 
think about”), 2 (“a minor concern”), 3 (“ama- 
jor concer’), up to 4 (“one of my biggest 
headaches”). 

Respondents came from a variety of indus- 
tries; the most heavily represented were finan- 
cial services, education, health care and manu- 
facturing. Just over half of the respondents run 
Exchange as their main e-mail system. About 

! 15% use Notes as their main e-mail system, 

, and about 15% use GroupWise as their main 

i e-mail system. About 75% of the responding 
organizations have more than 250 employees. 
; = Computerworld research manager 

i Mari Keefe assisted with this survey. 
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dents. These issues cut across all types 
of mail systems; in fact, Lotus Notes 
users are more concerned about Office 


pricing than Exchange users are 


No Worries, Mate 


Almost as interesting as the CIOs’ 
biggest e-mail concerns are the issues 


about which they show the | 


“ast con- 
cern: e-mail migrations, Linux and us- 
ing mainframes as e-mail servers. 

Ranking the average response rates 
somewhat masks the reality that for 
each issue, some fraction of the user 
population is deeply concerned. So, for 
example, migration to Linux isn’t a pri- 
ority for most managers, but it’s a top 
priority for a few. 

Still, the general lack of interest in 
Linux is a surprise, perhaps driven by 
the reluctance or inability of Lotus 
Notes, Microsoft Exchange and Group- 
Wise users to migrate to Linux. An 
exception may be GroupWise users; 
Novell Inc.’s recent purchase of SUSE 
Linux [QuickLink 42574] may encour- 
age more administrators to think about 
running Linux internally. 

In the big picture, the survey respon- 
dents have very little interest in mi- 
grating away from their installed e-mail 
systems. Exchange users give migra- 
tion a very low rating of 1.4, while 
Notes and GroupWise users say mi- 
gration is a somewhat higher concern 
(averaging 2.1 and 2.3, respectively). 

The reluctance to switch e-mail plat- 
forms comes in part from the cost and 
hassle of converting end users to a new 
system, Reeg says, citing issues such as 
training and the loss of e-mail archives 
“I don’t see any business case [that 
would justify migrating], unless some- 
one’s on a really antiquated, unsup- 
ported package.” 

And the survey has bad news for 
IBM’s big push to get users to turn 
mainframes into messaging servers. 
It’s a minor concern for CIOs, even in 
Notes shops, and ranked at the bottom 
of the list. 

Perhaps the biggest surprise — for a 
survey of cost-conscious CIOs — is 
that e-mail budget issues such as total 
cost of ownership (TCO) don’t hit the 
top 10 concerns, despite the fact that 
e-mail vendors harp on this issue all 
the time.“We do a TCO analysis for 
our desktops overall, and the cost of 
e-mail is just bundled into that,” says 
Reeg. “E-mail is almost a given, just 
part of your cost of doing business. 
You're not going to choose not to have 
e-mail.” @ 44143 
Ubois is an analyst at Ferris Research in 
San Francisco. 
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Hospital ClOs struggle to cost- 
justify expensive image-archiving 
systems, but the benefits are 
Clear. 


TOUGH 
SELL 


IMAGINE TRYING TO TALK THE CEO of a 
cash-strapped hospital into buying a mul- 
timillion-dollar IT system. It’s not an easy 
chat, but that’s the challenge hospital 
CIOs face when trying to sell management on pic- 
ture archiving and communications systems (PACS). 
The systems capture, store and display patient X-rays 
and other images in digital form instead of on film. 
In fact, many hospitals are balking at the technol- 
ogy’s high price tag. Although PACS have been used 
since the mid-1990s, about two-thirds of U.S. hospi- 
tals haven’t purchased one yet, estimates Jocelyn 
Young, a health care industry analyst at market re- 
search firm IDC. 
However, CIOs who have succeeded in purchasing 
PACS technology can point to advantages such as 
cost savings, improved workflow, better patient diag- 





| eliminating costs associated with 


| can see the ROI easily. In addi- 
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noses and even a competitive advantage over hospi- 


| tals that don’t have the systems. 


“The most obvious cost avoidance is film process- 
ing, as well as real estate savings for film image 


archives. But a lot of the benefits also have to do with | 


improved workflow and eliminating mistakes or mis- 
placed film,” says Young. 

The key to building a business case for a PACS is 
to figure out which part of the business has the deep 


| pockets and passion to push it through, according to 


a recent report by Antonio Garcia, an analyst at Frost 
and Sullivan Ltd. “The simple truth is that PACS will 
cost a great deal of money. Success often depends on 
which department (MIS, radiology, administration, 


| etc.) has the most money for medical IT,” he wrote. 


| Success in the Bronx 


“I have never done an implementation of any system 


| that has so dramatically impacted the way we do 


business,” says Dan Morreale, CIO at North Bronx 
Healthcare Network, one of six regional networks 


| established by New York City Health and Hospitals 


Corp. 

Two years ago, at a cost of $6 million, Morreale’s 
organization went live with a PACS in the Jacobi 
Medical Center and North Central Bronx Hospital, 
which have a total of 870 beds. The vendor was Agfa 
HealthCare, a unit of Mortsel, Belgium-based Agfa- 


| Gevaert NV. 


For Morreale, the task of justifying PACS imple- 


| mentation was made easier by radiology department 
| personnel, who educated physicians about the bene- 


fits of the system. Plus, the IT department had been 


| pushing for a PACS to complete the organization’s 
| conversion to electronic patient records. 


As a result of its PACS, North 


| Bronx Healthcare Network saves 


almost $2 million per year by 


film and paper-based reports 
(see box). “We’ve found that you 





ONY 
leit] 


www.computerworld.com 


At the Cleveland Clinic Foundation, the key to re- 
turn on investment was tying the PACS to the hospi- 
tal information system (HIS) and, specifically, to 
billing processes. 

Robert Cecil, network director for the foundation’s 
radiology and cardiology divisions, says that it’s not 
uncommon for radiology bills to slip through the 
cracks — and sometimes never even get issued — 
when the HIS and radiology information system 
(RIS) are separate entities. Billing paperwork can get 
shuffled back and forth between departments past an 
insurance provider’s 30-day billing deadline. 

“With PACS, you can generate reports with origi- 
nal order numbers from referring physicians, along 
with the radiology images,” Cecil says. “For all that to 
come together, you have to integrate the HIS and RIS 
with the PACS, and then the patient can be electroni- 
cally billed.” 

Vendor consolidation and standardization of hard- 
ware components have also made systems integra- 
tion less difficult. In recent years, a handful of med- 
ical imaging vendors, including Philips Medical Sys- 
tems, Siemens Medical Solutions and GE Medical 
Systems, have snapped up many small suppliers of 
various technologies used in PACS and now offer 
better-integrated systems. This means hospitals no 
longer have to worry about cobbling together PACS 
components from a variety of sources, making imple- 
mentation easier and less expensive. In turn, it’s easi- 
er for IT managers to cost-justify buying the systems. 

That was the case when Canton, Ohio-based Mer- 
cy Medical Center implemented a $4 million PACS 
from Philips Medical Systems four years ago. “The 
PACS acquisitions have cleaned up the market and 
made the selection and integration process a lot easi- 
er,” says CIO Joyce Miller Evans. 

In addition to making work- 
flow more efficient, implement- 
ing PACS as a part of an overall 
electronic patient record system 
can help a health care organiza- 
tion stand out in a competitive 
market. If a hospital can adver- 





| tion, we took the approach that 

| this is a set of tools that provides 
| ahigher quality of care and pa- 

| tient safety. Those are the driving 
| forces,” notes Morreale. 


A PACS can improve patient 


| care because, unlike film, digital 


images are available to multiple 
physicians simultaneously at any 
time, which can speed diagnoses. 
Physicians can manipulate and 


| zoom in on the images to focus 


on medical problems. The digital 


| images are less likely to be lost 


or misplaced as well. And with a 
virtual private network (VPN), 
outside experts located anywhere 
in the world can consult on pa- 
tient cases. 

“Images are almost immediate- 
ly available. One hundred per- 


| cent of our PACS images are 


available to all of our physicians 


| within four minutes,” Morreale 


says. 
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Using a PACS, North Bronx 
Healthcare Network saves $1.9 
TLC iM OLeim (crcl) Aca AnTLAe LATE} 
costs associated with film and 
paper-based reports. The annu- 
al savings break down this way 


$1 million from reduced 
film-processing costs 


$400,000 from eliminat- 
ing labor costs for film 
processing and storage 


$130,000 from lower 

real estate costs, because 
bee Ure MLM em lies 
CM Umm UL UL UR TTET a) 
lm millers (ecm Tle 

to store film 


$400,000 from eliminating 
EVEN M estima elec) 
- John S. Webster 


tise itself as completely filmless, 
with digital medical images and 
records that can be viewed si- 
multaneously from anywhere, 
that can help it attract the best 
medical personnel. 

Indeed, Evans says the IT staff 
at Mercy Medical Center has 
been contacted by competing 
hospitals that want to learn how 
the organization implemented its 
PACS. “It’s a competitive market 
out there, and there’s a real short- 
age of good radiologists,” Evans 
says. “We’re also looking at mak- 
ing PACS images accessible to 
radiologists located anywhere 
worldwide, outside the hospital, 
via a VPN, which will also make 
us stand out.” @ 44162 
Webster is a freelance writer in 
Providence, R.I. He can be contact- 
ed at john.s.webster@verizon.net. 
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Middleware is Everywhere. 


it 


St Po MIDDLEWARE IS IBM SOFTWARE. Powerfu 


IBM \ e° Us an d 
1. New design already tested. 
2. Suppliers already linked. 
3. Procurement already automated. 


4. Blueprints already updated. 
5. Engine all ready for takeoff. 
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Thinklank 


Who’s Driving IT Alignment? 


CONVENTIONAL WISDOM holds that ClOs should make sure 
IT spending is properly aligned with business strategies, and 
if it isn’t, then it’s the C1O’s fault. 

But that thinking is actually an impediment to real IT/ 
business alignment, says Gopal Kapur, president of the 
Center for Project Management in San Ramon, Calif. “The 
precept that IT should align itself with business is a crock. 

That’s like saying that a trailer should align itself with a 
truck. Just imagine a parking lot full of trailers in search of 
a hitch on a truck.” 

In other words, corporate executives (the drivers in the 
truck cab) should be making sure the IT organization (the 
trailer) follows along, Kapur says. “The role of the IT organi- 
zation is to have the right solution to the business problem, being spent and then complain that IT isn’t in alignment. 
not to decide what really needs to be done,” he adds. Whose fault is that?” 

The problem is that senior executives have abdicated their Using a different analogy, Kapur says an investor may have 
responsibility to clearly articulate corporate goals and make a financial adviser who implements the transactions, but the 
sure IT expenditures contribute to those goals, Kapur says. investor should still know how much money is being put 
“They give the CiO millions of dollars and don’t ask how it's where and establish investment thresholds. - Mitch Betts 
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Best Bits | f Things to Ponder 
The most useful parts of recent business IT Priorities: 2004 Given the controversy over whether com- 


and IT management books ; puters really increase productivity, a recent 
Services Blueprint: Roadmap | Mi @sace italy Goldman Sachs & Co. report sniffed that the 


for Execution, by Ravi Kalakota and Marcia debate seems academic. “A practical test 
Robinson (Addison-Wesley, 2003) : | would be to take them away and return to pa- 
Take today’s buzzwords - e-business, Web 3. Application integration per ledgers, green eyeshades and typewriters 
portals, the real-time enterprise, adaptive sup- | and see what happens.” 
ply chains, enterprise application integration A Gartner Inc. survey of 113 senior execu- 
= and Web services - Base: Survey of 75 U.S. and 25 European CIO: tives in Europe found that most of them view 
throw them into a CiOs as risk-averse, not very influential on 
blender, and you've got strategic matters and not long-term thinkers. 
one big megatrend, the ments are supposed to play arole in achieving | Furthermore, most of these executives think 
authors argue. “This that goal. The winners in “services digitization” | their IT departments are poorly prepared for 
Wide-ranging transforma- | will also have superb execution. the future. 
= tion is the use of technol- The best example of single-minded focus | ® Corporations are ramping up their efforts 
ogy to digitize complex and superb execution has got to be Wal-Mart to comply with the Sarbanes-Oxley Act, 
services,” they say, citing | Stores Inc., a company so successful that it but they aren't spending big bucks on more 
well-known IT success stories at companies now constitutes almost 2% of the U.S. econo- | IT applications and systems. A poll conducted 
such as General Electric Co., Dell Inc., South- my. Wal-Mart's focal point? “Every day low by Meta Group Inc. found that 57% of IT ven- 
west Airlines Co. and Amazon.com Inc prices” (known as, you guessed it, EDLP). The | dors have been disappointed by the lack of 
The services blueprint the title refers to | whole point of Wal-Mart's extensive technolo- | sales being generated by Sarbanes-Oxley 
begins with a single overriding business | gy and supply-chain empire - from the data initiatives. @ 44159 
goal, or “focal point,” like being easy to do | warehouse to the store replenishment systems 
business with (known in this book by the acro- | - is the relentless pursuit of that goal of, um, AN Send them to 
nym ETDBW). Then, all technology invest- | EDLP. - Mitch Betts pitches@computerworld.com. 
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4. Sarbanes-Oxley compliance 
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Middleware is Everywhere. | Can you see it? 


MIDDLEWARE IS IBM SOFTWARE. Soft 
1. Verifies insurance on the spot. 

2. Files digital claim in an instant. 

3. Approves estimate at the site. 

4. Orders new bumper at the scene. 


5. Receives settlement in a snap. 
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Drug Developer 
Outsources to IBM 


Covance Inc., a Princeton, N.J.- 
based drug development services 
provider, has reached a seven- 
year, $180 million outsourcing 
agreement with IBM. Under the 
deal, IBM will manage Covance’s 
computer and telephone network, 
computer support, e-mail system, 
help desks and data centers in 18 
countries. Covance expects to 
reap benefits from helping its 
pharmaceutical and biotechnolo- 
gy customers market new drugs 
faster and more efficiently. The 
deal will also free up Covance to 
focus more on its IT applications 
portfolio. 


Bank Outsources 
Core Processing 


Commerce Bank and Trust Co. in 
Worcester, Mass., in March will 
start outsourcing its core ac- 
count-processing technology for 
debit cards and deposit and loan 
accounts to Aurum Technology 
Inc. in Plano, Texas. Commerce 
Bancshares inc., the holding 
company for Commerce Bank, 
cited the need for more main- 
frame processing power after a 
capacity study showed that Com- 
merce Bank's 18-year-old Unisys 
system was reaching its limits. 
The bank has increased its as- 
sets from $350 million five years 
ago to $1 billion today. It wiil con- 
tinue to perform item processing 
in-house. 


Zions Bank Installs 
Analytics Software 


Zions Bancorporation in Salt 
Lake City has entered a business 
analytics software licensing and 
consulting agreement with Mil- 
waukee-based Metavante Corp. 
Zions has more than $27 billion 
in assets and operates more than 
400 full-service banking offices 
throughout eight Western states. 
The new software, Business In- 
telligence Center, will provide a 
companywide view of the busi- 
ness units, products and cus- 
tomer behavior. 
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OME OF THE MOST IMPORTANT lessons 
I’ve learned about transforming organiza- 
tions came from the struggle to shed an un- 


pleasant habit. 


During high school and most of college, I 


was a fingernail biter. It’s 
one of those nasty nervous 
habits that no one feels 
good about. My jagged, 
raggedy, nibbled, nubbin 
nails were a constant 
source of embarrassment. 
Oh, I tried to quit many 
times. I tried going cold 
turkey. I tried fining myself 
for every transgression. 
I tried putting foul sub- 
stances on my fingers. But 
every attempt ended with 
the same result: a return to 
the habit and lower self- 
esteem from my failure 
of will. 
That all ended when I 
decided to try a completely 
different approach. One Sunday, I re- 
solved that on Monday, I'd stop biting 
the pinky nail on my right hand. It 
would continue to be open season on 
every other finger. So on Sunday night, 


I filed the edge of that one nail smooth | 


and waited for morning. 


For an entire week, I happily chewed | 


on nine nails, and every time I drew a 
finger toward my mouth, I looked at 
that one smooth nail. It looked good, 
and I liked it. There were still plenty 
of other nails to satisfy my habit. It 
wasn’t too difficult to keep that one 
unbitten. 

The following Monday, I added a 
second nail to the forbidden fingers. 
On Sunday night, I filed the nail on my 
right ring finger smooth and waited 
for morning. And for a week, I had 
eight fingers to fulfill my cravings and 





two to display my achieve- 
ment. 

Then each week, I added 
another finger to the clean 
collection. By the 10th 
week, I’d completely lost 
my desire to nosh on nails. 
And now, decades later, I 
can happily report that 
neither the habit nor the 
desire has returned. 

So, what does this have 
to do with organizational 
change? What can finger- 
nails communicate about 


how to improve the perfor- | 


mance of your manage- 
ment teams and projects? 
As we all know, changing 

the culture and behavior of 
technical groups is very difficult. Most 
attempts to improve how groups func- 
tion fail miserably. The experience 
of the change is unpleasant, and the 
transformations are usually temporary. 
New processes are ignored. Dysfunc- 
tional behaviors return. Old habits die 
hard. 

But I have found that a few princi- 
ples drawn from my fingernail experi- 
ence can help improve the chances of 
success. 

Don’t try to fix everything at once. Just as 
with technical projects, scope control 
is critical to success. Since efforts at 
organizational change are painful and 
can distract attention from immediate 
deliverables, most leaders want to ini- 
tiate them as seldom as possible. So 
the natural result is trying to change 
everything at once. 
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But just as small technical projects 
are more likely to succeed than large 
ones, incremental organizational 
changes are much more likely to stick 
than radical transformations. 

With the fingernails, one of the keys 
to success was realizing that I had 10 
small problems, not one big one. My 
problem wasn’t that I bit my nails, but 
that I was gnawing on 10 distinct fin- 
gernails. Trying to fix one at a time 
proved much easier than trying to fix 
all 10 at once. 

Make progress constantly visible. During 
the 10 weeks during which I was work- 
ing On quitting, it turned out to be 
very helpful to see the smooth-edged 
nails of progress. Even though I knew I 
was still engaging in the bad behavior, 
every time I lifted my hand to chew on 
a nail, I saw the physical embodiment 
of progress toward my goal. That 
transformed every experience during 
the process from a failure to a success. 
Rather than descending a spiral of fail- 
ure, I felt I was climbing the spiral of 
success. 

So it is with organizational change. 
People have to see the signs of their 
own reformation. As the process of 
change goes forward, we need to be 
constantly aware of our successes and 
of the road left to travel. 

Be patient. Lasting and valuable trans- 
formations don’t happen overnight. 
Just like New Year’s resolutions, stick- 
ing with the ongoing process can be 
the hardest part. 

So when you're ready to improve the 
effectiveness of your group, think 
carefully about the features of your fu- 
ture group, look down at your finger- 
nails and plan how you're going to 
claw your way through the process of 
change. @ 44167 


WANT OUR OPINION? 


For more columns and links to our archives, go to 
www.computerworld.com/opinions 
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While some of the nation’s leaders are quick to 
identify the top technical skills needed for IT 
professionals, they are more vehement and 
passionate about what they consider to be a 
missing skill: communication. 


The hue and cry from five of the premier leaders 
in IT is that information technology professionals 
must be able to communicate ideas effectively to 
non-technical users, that they must be able to write 
coherently and that they must be able to put on the 
face of the end-user, identifying how best to adapt 
technology and assure that users can access it with 
minimal training. 


Brian Leinbach, CTO for Delta Technology (Delta 
Air Lines’ IT function) says, “Your technical ability 
has no value if you can't communicate the business 
relevance of it. With technical degrees, graduates 
get maybe two semesters of English, yet in the real 
world it’s the first thing you have to do.” 


Of course, Leinbach and other top leaders, also 
know the technical challenges that exist — and 
provide exciting opportunities for IT professionals. 
“We have a great emphasis on real-time 
computing,” he says. “We need processes and 


Advertising Supplement 


solutions that enable decision making. In airlines, 
things have grown more complicated by our drive 
to want to compress time — for us that means every 
system that enables a flight.” 


Harry Roberts, senior vice president and CiO for 
Boscov's Department Stores, says the hottest skills 
for IT professionals will be networking, database 
administration and continued focus on JAVA, J2EE 
and XML languages. “These are the skills that hit 
business right where they live data and 
communications.” 


In the healthcare industry, the use of wireless 
technologies “is exploding,” according to Linda 
Reino, ClO at Universal Health Services Inc. “It's all 
about mobility for the healthcare provider. That 
means using browser-based technologies in an 
intuitive way that reduces training. In developing 
these technologies (such as tablets, PDAs, laptops), 
the IT professional has to stop dreaming and get 
down to the real operational issues of how often 
that nurse or doctor puts the mobility device down, 
its susceptibility to loss, theft or corruption of data 
That also implies a real need for security of 
information and data, too.” 


1 mile 





Responsible for next generation network tech- 
nology options; developing high performance 
data/voice/video designs; strategic analysis 
plan and design of enterprise communications 
architecture which integrates voice, data and 
video communications technology. Participates 
in enterprise information technology initiatives 
design building and installation of complex net- 
work environments. Must understand the 
mechanics of network transmission at all 7 lay- 
ers of the OSI model; experience in coordina- 
tion, advising, consulting, and general network 
implementation, design and security concepts 


Fingerprinting/background check required 


For more information and to apply, go to: 
http://ucsfhr.ucsf.edu/careers 
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Mark Hedley, senior vice president and CTO at 
Wyndham International, points out that the skills 
required for technical vs. business IT roles are 
different. “If you favor the highly technical route, 
the ability to gain as much knowledge about that 
specialty, such as J2EE development, IP networks, 
telephony, and how best to apply it is going to be 
very beneficial. | describe these individuals as an 
inch wide and a mile deep.” Hedley points to 
technical needs in advanced network engineering 
skills, as well as certifications from Cisco 


The management track, on the other hand 
requires skills in leadership, management, human 
resources, legal, financial, operational and 
relationship building. “These individuals have 
technical skills that are a mile wide and an inch 
deep and will seek the best technical resources to 
form a team” 


For more information about IT Careers advertising, 
please contact: Nancy Percival 

Vice President, Recruitment Advertising 
800.762.2977 

500 Old Connecticut Path 

Framingham, MA 01701 

Produced by Carole R. Hedden 
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OUR PEOPLE MAKE THE 
Difference waumart...... 


We’re Looking for the Future Leaders of Tomorrow 


Wal-Mart Stores, Inc. has been recognized by Fortune 
Magazine as the most admired company in the world. 
As our company continues to expand, so does the 
opportunity for first-class, talented people to guide 


the future of one of the most successful and 
innovative growth companies in the world. 


Put your career on a fast climb and help us continue to 
set the industry standard in information technology 


* UNIX - C, C++, Administration, Engineering, 


Informix DBAs 


our team should forward a resume to 


Wal-Mart Information Systems Division 
Attn: Recruiting Department 

805 Moberly Lane M4! 

Bentonville, AR 72716-0560 

E-mail: ISDADS@wal-mart.com 


For more information, visit our Web site at 
Ww ww.walmartstores.com 


* NT Workstation - VB,VC++, Java, ASP, XML 
* IBM Mainframe - COBOL, CICS, DB2 and 


iMS DBAs 

* Networking - Ethernet, VSAT, Frame 
Relay, ATM 

* Telecommunications 


All positions are located in Bentonville, AR. 


WalMart ts An Equal Opportimity Employer. M/F/D/V 
*2000 Wal-Mart Stores, lnc. 
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Ready to do it all? Candidates interested in joining 





DATA WAREHOUSE 
SPECIALIST 


Resp. for dsgng, impimntng & 

supporting bus.-oriented data 

warehousing projects for co's 

lients. S 

) impin bus. rules via 
4 7 middleware 
her rela chnologies; (ii) 

defining user interfaces & func 


al specs based 


maintaining, 


warehouse & 


t reqd 

a) UNIX NT 

LINUX; (b 

Oracle or 

9 DB2 

nos or 

of ETL 

and load) 

40 

hrs/wk, 8am - 5pm, $66,730/yr 
Qualified applicants please sub- 


mit resume to: Mon Valley 


Programmer Analyst: Desigr 
server/ERP 
Win2000 


w/ Together- 
ompts inc 
DAO, JDBC 
WebSphere/WebLogic 


servers using XML 


COMM 

appls 

vd reports using 
Oracle Financials 
and provide 

rt. Requires BS in 
S plus 2 


sme tc 

y Mitchell Group, Inc 

S Hanley Rd.Ste.1100, St 
NO CALL 


UmeVoice C oftware 
Engineer f ors NJ loc 
Design + dev speech enabled 
trading ti n-speect 
nm onents On vanous 
ftware platforms 
dows NT/XP 
needs 
2 reqs 
lems to improve 
+ speech appli 
le specs docs; Work 
on technolog nc! Voice Recog 
BM Viavoic J2EE, .NET, 
va, C++, C#. Must have BS in 
Comp. Sci, Engineering or relat 
vant exp 

JmevVc 

Novato 


Inc. has multiple open- 


skills preferred: Oracle, SQL 
PL/SQL, COBOL, C/C++, VB 
SAP, Java, XML, ERP, ASP, NT. 
XSL. Minimum BS degree. Tra- 
veling is required for some posi- 
tions. Please send resumes to 
resumes@corpusinc.com. EOE 


Global! Consulting is looking fo! 
programmer/system analysts 
software engineers. Candidate 
must have BS with IT experi- 
ence. Good skills in C/C++ 
Java, Oracle, EJB, J2BB, Web- 
Logic, VB, HTML are plus 
Traveling is required for some 
positions. Apply job@g-c-g.net 
EOE. No calls 
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SOFTWARE DEVELOPERS 
Develop standard features, inter- 
faces and complex modules for 
existing or new software prod- 
ucts to provide major feature 
impleme on to client base of 
standard customers. Actively 
participate in innovative new de- 
signs, technologies, research 
projects and their implementa 
tions. Learn new proprietary 
ologies and development 
ols, developed in-house, as 
well as adapt to non-SQL type 
databases. Effectively co 
expert research findings on 
S to a wide audi- 
to emphasize 
and com 


Develop utilities to assist in 
€ quality control of the features 
Denings) 
nputer Sci- 
1ce or related 5 years of 
experience ir offered or in 
software iting; must have 5 
years experience programming 
nust also 

3 years working w 

abases (Sybase, Mic 
le); devel- 
lienUserver applications - 
tier and 3 tier; develop- 
leware technologies 
OM, CORBA, CGI 
ISAPI); and development in a 
ab environment (Active Server 
JavaScript). Must have 
egal authority to work in 
ited States. Send resume 
Social Security Number to 
Weston, Ontario Sys- 
tems, 1150 West Kilgore Avenue 


V.L.S. Systems is a software 
development and consulting co 
with multiple openings for Soft- 
ware Engineers, DBA's, Pro- 
grammer Analysts, QA Testers 
and Project Managers to work 
at client s in VA, IL, PA and 
other sites throughout the U.S 
individuals must have a mini- 
mum of a Bachelor Degree and 
two years relevant experience 
We are se individuals with 
various combinations of the fol- 
lowing | skills: Siebel, Oracle 
Apps, Peop t, SAP, MS 
SQL, SCADA, DB2, Sybase 
Abinitio, Tuxedo, OLAP, ETL 
development, Business Miner. 
VSAM, Mercator, Endevor. 
SeeBeyond, C#, C++, VC++ 
ASP.NET, .net technologies. 
Business objects, Java, J2EE 
JNDI, Java Script, EJBs, Cold- 
fusion, Perl, HTML, Cobol 
cics MVS/ESA Unisys 
SOM+, MTS, Cognos, Web- 
sphere, Weblogic, WSAD 
MVC Architecture, Unix, Win- 
dows NT, embedded related 
tools. Apply to: V.L.S Systems, 
9900 Main St, Suite. 304 


Fairfax, VA 22031 


PROGRAMMER ANALYSTS 
for Cheyenne, WY office. Devel 
op & maintain software applica 
tions using Oracle, SQL Server. 
Erwin, Linux, Sybase, XML 
UML nterwoven, Coolgen 
ClearCase, ClearQuest, Plum- 
tree, PVCS, UNIX. Bachelors or 
Equivalent reqrd in Computers. 
Engineering, Math or related 
field of study + 1yrs of related 

0 hrs/wk; Must have legal 
authority to work permanently in 
the U.S. Send resume to HR 
Manager, Globalways, Inc 
39176 B, State St, Fremont, CA 
94538 


PROGRAMMER ANALYSTS 
for Cheyenne, WY office. De- 
sign & Develop software appli- 
cations using C++, Oracle 
Sybase, XML, UML, Coolgen 
Interwoven, ClearCase, Clear- 
Quest, PVCS, UNIX. Bachel- 
ors or Equivalent req'd in 
Computers, Engineering, Math 
or related field of study +1 yrs 
of related exp. 40 hrs/wk. Must 
have legal authority to work 
in the US 
Global 
Infotech Solutions, Inc, 826 
West Laurel Suite 1B 
Springfield, |L-62704 
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Computer Programmers 


Design and develop Data 
warehousing and Business 
Intelligence solutions. 


Min Educ Bachelor's 
degree or equi. Some posi- 
tions require Master's 
degree or equi. Min. Exp. 2 
years. Job may involve 
working at various locations 
throughout the US 


Please send resumes to 
Selectiva Systems, Inc 
3333 Warrenville Rd 
Suite 200 
Lisle, IL 60532 


Global Innovative Solutions, Inc 
has opening for Chief Financia’ 
Officer w/Masters or equiv in 
Finance Admin. Bach w/at least 
5 yrs progressive exp in job offd 
or as Accounts Officer or CEO 
acceptable. Responsibilities incl 
overseeing all corporate fin'l & 
acctg functions in US & India 
Offices, & formulating & adminis- 
tering co's overall fin'l plans & 
policies. Must have knowl of 
Transfer Pricing, Concepts of 
Costing on Cost Drivers, Mgmt 
Audit, & US & Indian tax laws, & 
nave legal auth to work in US 
Excellent pay & benefits. Email 
resume wiproof of work status 
to: gis@global-innovative.com 


Computer 

Channell Construction Com- 
pany, Inc. (Omaha, NE) has 
an opening for an IT Consul- 
tant/Systems Analyst with 
the following skill sets: C++ 
Visual Basic, Java, Java- 
Script, Oracle, HTML, ASP, 
Photoshop, UML, Microsoft 
Office Package, Windows 
NT & 2000, UNIX, TCP/IP, 
with 1-3 yrs of exp with rele- 
vant degree. Top $$. Mail 
resume to: 5697 N 13th St 
Omaha, NE 68110. An EEO 
Employer 


Software Engineer 
needed w/exp in using 
Java, JFC, Swing, 
AWT, Windows, GUI 
Java-Doc, HTML, 
UML, i18 architecture, 
XML, SAX & DOM 
parsers. Mail resumes 
to: Ebusinesscorp Inc., 
209 West Central St., 
Suite #106, Natick, MA 
01760 


Computer: Software Engin- 
eers needed. Seeking can- 
didates with BS or equiv. 
and/or rel. work exp. De- 
velop software system & 
applications using ESM w/ 
client to improve technology 
& human resource interfac- 
ing; Analyze & design pro- 
grams to meet user needs 
Mail res., ref. & trans., & 
Sal. Reg. to L-Cube 
Innovative Solutions, Inc., 2 
Enterprise Dr., Suite 303, 
Shelton, CT 06484 


Software Engineers/Data Base 
Design Analysts, Cheyenne, WY 

Analysis, Design, Develop- 
ment, Testing and _ Imple- 
mentation of computer software 
systems, applications and data- 
base systems. B.S. in Computer 
Science, Eng., or related field 
with experience in C, C++, ASP, 
VSS, SQL Server, XML, and 
NET. Mai resume to 
DatamanUSA, LLC, Attn. HR 
1107, West Sixth Avenue 
Cheyenne, WY 82001 or email 
to Jobs_WY@datamanUSA.com 


R & D PROGRAMMER 

Research, develop, program & 
test web applications in English 
& Korean using Perl, CGI 
HTML, Coldfusion & MySQL on 
Windows & Linux; QA, debug 
test & create reports; Identify 
program modules & research for 
web site development; On-line 
tech support & solutions in 
English & Korean; Require: B.S 
in Comp. Sci. or IT & 2 yrs. exp. 
in job offered. 40 hr/wk. Res 
President, 300 Colonial Cntr. 
Pkwy. #150, Roswell, GA 30076 


Seeking DBAs & Oracle 
DBAs ($70-75K), Oracle 
Proc Developers & 
Systems Analysts ($83- 
85K) for various US loca- 
tions. BS/BA in relevant 
field + 2yrs exp. Resume to 
Upp Business Systems 
3075 Highland Parkway, 


Downers Grove, iL 60515 


Programmers to design software 
appis using RDBMS, Oracle 
Databases, Informix-4GL, Infor 
mix Online, SQL Server, VB 
Power Builder, etc. under UNIX 
OSs; program, test and debug 
user interfaces and supporting 
database objects; analyze, re- 
view, and rewrite programs to 
increase operating efficiency 
and adapt program to new reqs 
Require candidates with BS or 
foreign equiv. in CS/Engg. (any 
branch) & 1 yr exp. in IT. Com 
petitive salary, F/T, travel in 
volved Resume to HR 
Ordusion Technologies, inc 
3883 Rogers Bridge Road, Suite 
504, Duluth, GA 


Website Designer 


Design websites in French 
French/Japanese, and English 
Japanese using HTML, Adobe 
Photoshop, Adobe Illustrator, 
Macromedia Fireworks, Mac- 
romedia Dreamweaver, Mac- 
romedia Flash, QuarkExpres: 

Microsoft Word, Microsoft Ex- 
cel, Microsoft PowerPoint, PC 
and Mac platforms. Min: BA in 
French or Japanese. 40 hr/M- 
F. Send resume: Symbiosis 
Systems, Inc, 7094 Peach- 
tree Ind. Bivd., Suite 370, 
Norcross, GA 30071-1024. 


IT|careers.com 


iT careers 


Ord 2 fod + feanures & tips > post 2 job + advertieer toots 


Orme Oem @ 
Welcome to IT Careers 


Gnd 2 joo 


Cams tet com te pou ow ms 


careers 


www.itcareers.com 


is the place where 
your fellow readers 
are getting a jump on 
even more of the 


world's best jobs. 


Now combined with 
CareerJournal.com, 
you have more jobs 


to choose from. 


Stop in for a visit 


and 


see for yourself at: 


www.itcareers.com 


Cwo40202E/WwiMw 2 





Prog/Analysts to analyze, de- 
sign, develop and implement 
client server, web applis using C 
C++, Java, Swing, XML, HTML 
JDBC, HTML, JavaScript, JSP. 
ASP, EJB, J2EE, Oracle, PL 
SQL, Websphere, Weblogic un- 
der UNIX/Windows OS; docu- 
mentation program develop. 
ment, logic, coding and correc 
tions; provide customer support 
and troubleshoot. Require: BS 
or foreign equiv. in CS/Engg. 
(any branch) with 2 yrs of exp. in 
IT. Travel Involved. Comp 
Salary. F/T. Resumes to: HR 
Synergy America, Inc., 6340 
Sugarloaf Parkway, Ste 140 
Duluth, GA 30097 


PROGRAMMER ANALYSTS 
for Casper, WY office. Design 
& Develop software applica- 
tions using C++, Oracle 
Sybase, XML, UML, Cooigen 
Interwoven, ClearCase, Clear- 
Quest, Plumtree, PVCS, UNIX 
Bachelors or Equivalent req'd 


alee bacterusneeyed 


Programmer Analyst fil. Pro- 
vide programming support for 
mutual funds, annuities, retire- 
ment plans and commission 
tracking/payment systems in- 
cluding full life-cycle application 
support, analysis, design, de- 
velopment, system modifica- 
tion, testing, set-up, reporting 
and creation of documentation 
Develop Microsoft client server 
and web development solu 
tions for company’s customers. 
Must have Bachelor's in Comp 
Si Engg. or related 

exp and knowledge 
NaviSys LifeCAD/MP (Home 
Office), Microsoft SQL Server 
2000 and XSLT. Send resume 
to: Connie Reynolds, Human 
Resources, Security Benefit 
Life Insurance Co One 
Security Benefit Place, Topeka 
KS 66636. 


Prog/Analysts to analyze, de- 
sign, test client server/web appis 
with OOAD methodologies using 
Java, VB, EJB, Serviets, .'Script 
XML, HTML, Oracle, SQL 


Research & Applications Spec- 
ialist - Dvip large complex em- 
bedded real-time systems & 
commercial enterprise systems. 
Plan & direct dvipmt, installation 
maintenance & modification of 
mission-critical applics on large 
multi-user systems. Lead & pro- 
vide research & engg direction 
MS + 5 yrs or PhD + 2 yrs exp 
reqd. Must have 1 yr exp in C, in 
C++ & Java, 6 mos w/SAGE 
Integration technologies, 1 yr ir 
DSP using VxWorks, 1 yr in 
enterprise chitectures, 1 yr 
w/source control dvipmt 

6 mos in dvipg algorithms spe- 
cific to resource optimization 
techniques 


Software Architect - Research 
dsgn, dvip & test operating sys: 
tems-level s/ware, compilers & 
n/work di: ution s/ware f 
embedded real-time & ent 
prise applics. MS + 3 yrs, B! 
yrs or PhD + 
Must have 1 yr exp w/each of 
SAGE Integration & SPI tech 
nologies; 2 yrs combined exp 
w/embedded systems dvipmt 
methodologies & real-time oper 
ating systems frameworks 
VxWorks, PSOS 


yr exp reqd 


Competitive Salary & benefits 


alee a eete es 


PROGRAMMER/ANALYST to 
analyze, design, develop and 
implement digital imaging appli- 
cation software for medical 
imaging devices using C, C++ 
VC++, MFC, XML, COM 
JavaScript and HTML on 
Windows 2000 platform some of the following skills: ERP 
Implement an embedded mod- (SAP, PeopleSoft, Oracle Apps 

ule in Tornado and IxWorks for Baan) CRM (Seibel, Clarify 

calibration of hardware to Vantive), C/C++, Java, Microsoft 
acquire cardiac and RF images Technologies (Visual Basic 

sing COM HTML and Net, ASP), Data Warehousing 
JavaScript; Develop detailed Tools (informatica, Data Stage 

design documents and technical Abinitio, Business Objects, Cog 

specifications as part of DCP nos, Micro Strategy, Brio, SAS 

process during product devel- Mainframe (Cobol. CICS, JCL 

opment. Require: 6.S. degree in VSAM) AS400, Databases (SQL 
Server /Oracle /DB2 / Sybase) 

and QA (Win Runner, Load Run 

ner, Silk) in Windows (95/98. 

2000/NT/XP) and/or UNIX (Sun 
Solaris/HP/AIX) and/or Linux op 

erating systems. Must be able tc 

travel or relocate nationwide 

Attractive compensation pack 

age. Mail resume to: resumes@ 
‘isrinfo.com Or Human Resour 

tes Director, ISR Info Way, Inc. 

559 D'Ono Drive, Suite 101 

Madison, Wi 53719. Only 
email/mailed resumes accepted; 
(No Walk Ins) 


Software Engineer/ 
Programmer Analyst 
Systems Analyst/ 
Database Administrator 
(Multiple Openings) 


Must have bachelors degree or 
equivalent and experience ir 


Computer Science/Engineering 
or a closely related field with 2 
yrs exp in the job offered; A 
M.S. degree with a demonstrat- 
ed ability to perform the stated 
duties gained through academ- 
c coursework/previous work 
experience will be accepted in 
eu of the B.S. degree and 2 yrs 
of exp. Competitive salary 
offered. Send resume to: Amy 
Ryan infimed Inc 121 
Metropolitan Drive, Liverpool 
NY 13088; Attn: Job AP. 


KMI, a division of PAREXEL, is 
looking for an IS Consultant 
Validation for its RTP office at 
2520 Meridian Parkway 

200, Durham, NC. Positior 
provide broad range of cor 

ing services ‘or IS & IT 
mplementation and 
consulting on appropr 

ment validation strategies 

ng documer yn, and SDI 
related documents. Must have 
Bachelor's or equ C 

Science, Elect Engg or related + 
6 yrs wi SDLC, project manage 
ment, & software quality assur 
ance & implementation 


yrs, must have yr w/Ora’ 


PL/SQL, SAS programming, 
dation, Oracle clinical b 
research data management 
SAS based statistical report 
systems in a clinical field. Se 
resume to HR Job #102 
KMI/PAREXEL 1 Ww 
Street, Waltham, MA 02451 
HR@parexel.com 


Apply to: Human Resources 
S SYNAPSE GROUP, INC., a User Support Analyst, Aurora Manager of Clier 

CO. BS Engineering, Comp The position 

Manager requires the ir 

to manage the staff 


supervisors, leads and ass 


JDBC, Access, Weblogic, etc in Tom ee 
Windows OS : : Tandel Systems | 
Windows OS; analyze business 62nd Street North leading computerized magazine 
processes, determine reqs, gen- Largo, FL 33773-3786 marketing company, is looking to 
erate reports; perform onsite/off- hire a qualified Database . 
\ the -F / 8 am - 5 pm 
hrs/wk. Must have legal site maintenance; document Administrator to set-up and = po oe Sa Pp 
maintain the internal data ware $41,850 per yr. Solve tech prob 
house database and the related lems & monitor ntwrk equipt 
IIS site functionality; to integrate Maintain LAN/WAN security for 
the database/content serving internal & external users. Utilize 
modules in both SQL Server and in depth knowledge of trou aa alietces aie aaled 
Oracle environment g. training and motiv 
dra nvironments; and to bleshooting procedures, routers s 

2lop internet applications for 

uality control and manage- 
ment of document and market 

accounts. Qualified appli 

ts are required to possess at 


in Computers, Engineering 
Math or related field of study 
+1 yrs of related exp. 40 CIS or equiv.+ 1 yr exp. in 


authority to work permanently debug, test, perform code opti 
in the U.S. Contact HR mization. Require: BS or foreign 
Manager Allied Business equiv. in CS/Engg (any branch) 
Consulting, inc., 2906 Merry & 2yrs exp. in IT. Competitive 


Wood Drive, Edison, NJ-08817 


IndusValle ates. They are responsible for 


a global IT systems 

and solutions firrr 

for the following 

salary. Travel involved. F/T. Res gineers: Research itect 

ume to: HR, Bahwan Cybertek integrate distributed applicat 

Technologies, inc., 209 West ng , 

Central Street, Ste 312, Natick ee 

MA 01760 Tiber > ties 

COMPUTERS - Sr. Software complete den 

Consultants needed. Seeking code, perform t provide ast a Bachelors degree in dinate, requisition & doc. inte 

Engineering, Computer Science gration of fast connectivity 
t's equivalent. Sound know! issues involving LAN/WAN & 


RAS connections. Utilize ser 


hinng, performance appraisa’ 
salary management, terminat 
decisions ipline, cour 


Technical Manage 


addition, ihe 
& routing protocols. Use LAN. will review subo 
WAN protocols, ntwrk cabling mance and 

RG 58, CAT5 & Fiber Optic), & mends appropriate tra 


existing security features. Cc They are further responsible 


ates pe 


Ss and re 


ensuring department re 
documentation. and (i.e. capital and staff) neec 


development project: 


qual. cand. possessing MS/BS 
or equiv. and/or rel. work exp 


Software Engineer wanted 


brought to the attention 


sdge in internet applications next level of manemement 


Master's Degree in Comput edge i i 
Science or related Java/Java Serviets, HTML © e : 
f experience g OL. Unix and ORACLE pre- architecture & all RAID func 

tions. Implement system backup 


Part of the exp. must include 2 to design, develop, modify — = , 
yrs. working with network Must have Bachelors gre 
administration & 1 yr. working and maintain e-procure- ferred. The company offers a S of foreign equivalent w 


competitive compensation/ben 
efit package and an environment 


lysts: Plan, test 
P web applications 
ment soiutions, and perform CRM packages 
be simultaneous es in develop ent ADE where achievements are recog 
clude: Design, develop & imple related duties. Master in tions using Java d & professional growth is 
ment IBM Websphere software io Clarify, Siebel ar DAL encouraged. Qualified appli 
Computer Science and 2002. Interact with nts to are encouraged t 
design the functior HR Dept., Synapse 
according to clien acifica Grou c., Four High Ridge 46547, Denver, Cc 

tions. Need Bachelor's Park, Stamford, CT 06905. Refer to order #: CO5065919 
in Computer Science 


with Unix system administration y to use: UNIX and 


Visual Basic & ASP. (Exp. can 


& recovery according to spec 
7 m and the abilit 

hdware/sftware. Re 
>rvel obs. Use buil fun 
server probs. Use built in func Se 


tions of Windows/Unix systems wer lette: 


& architecture. Must have work McCamish 
mai ee 7 


products & systems; Work with authority. Resumes to: PO Box 


Visual Basic, ASP. Javascript 
HTML, MQ Series & Net.Data 
Fwd. resume & ref. to: e 
Emphasys Tech., Attn: HR 

SD 5 3. E-mail: sam@Indus e 


valley.com fax: 800-44( J 
ass services in 


experience required. Send 


resume to ICS, P.O. Box 


and 2 years of experier 


of the IT Industry's fastest fesign, develop 


leaders. V n software 

Layer 2&3 f 
2d applications 
mplex info eo i an king for the following 

Programmer Analyst w/ex simprex into ra ere 

9) y Pp In mation Technology Consult — t to jev : fe - 

in client-server application ing Company. Our company cur t . in and ye. —— esting us: 

~ pening for the follo’ ] eae 6 

using Java, Oracle, Oracle ae nas opening for the follow ger, IXIA, Pa 

. Oracle 

Senior System Analysts. Ar appis, Oracle, SQ Vv 2 faces, workflow 

Create alyze, design, deve test in. Windows/UNIX 


Basic & DAO 

Reports w/Crystal Reports ath raplianl ed eager Alig = 
Use ASP, Perl, Visual Basic COBOL, PL/1, MQ Series, IMS 
Script, Java Script & HTML Se bats ty Cones tee cia jeceaginees 
Mail Resume to: Summit Engineering or Related 

Medical Clinic, P.C., 1605 ee 
North Union Bivd., Suite 

#200, Colorado Springs 


CO 80909 


forms/reports, VC++, Visual 


SQL Server, O 
direct 
project 


analyze business re: 


appis. Require: Mas 4 . 
CS/Business and 1 yr exe i tr 


Travel invoived T pe 10 2nd Resume t Premier offered. Apply 


Send resume to: HR Manager, 
Simplex info Systems, Inc. 76 
Northeastern Bivd., Suite 32C 
Nashua, NH 03062, or email to 
resumes@simplexinfo.com 


Competitive salary. Resume Technologies, Inc. 12808 West Rajender Gaddam 
HR, Quest America, Inc Airpori Bivd. Suite #230 Sugar Enterprises, LLC 
East Ontario Street, Suite 18( Land TX 77478. E-mail Creek 


Chicago, IL 60611 nfo@premierna.com 30126; Attn 


IT Education & Training Directory 


Contact the companies listed below 
to help you with your training needs! 


To place your ad please call 800-762-2977 


Transcender 

(615) 726-8779 
www.transcender.com 
Award-winning practice exams 
for IT certification 


CBT Nuggets 

(888) 507-6283 & (541) 284-5522 
www.cbtnuggets.com 

Affordable training videos on CD 
MCSE, MCDBA, MCSD, CCNA, 
Citrix, Linux, A+, Net + 


IPexpert, Inc. 

(866) 225-8064 

www.ipexpert.com 

CCIE (R&S, SEC, and C&S), CCSP, 
CCNP, CCNA, IP Telephony 
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Hyatt Regency Chesapeake Bay Golf Resort & Spa | Cambridge, ve 


February 22-24, 2004 


YOu ce 


fier build the 


Mame ann lice 


in the world. But it require spe 0 (e 
mY om ae or) 


Walt Disney 


Come and see Keynote Presenters Cheryl Moore, VP. 


Organization D 


eae 


th 
ealtn Wet 


2004 Hi 


velopment and. Training, 


WellPoint 


; and Philip Harlow, SS Dey 
Employee pentane Officer, 


Find out more about attending TOL 
Visit www.humanresourcessummit.com 


has openings for 
ministrators in NY & 
at least 2 yrs. & 6 


systems 


& infrastructure 

IP, ONS, WINS, Unix 

ANSI X12, Exchange 

ave legal author 

pay & 

benefits. Fax resume w/proof of 


Infobase, Inc. is_ hiring 
Software Engineers. Duties 
nclude/not limited to analy- 
sis/design/develop/imple- 
mentitest s/w applications 
Min req: Bach deg or equiv 
in CS/EE/Eng/ Electr & 
Comm/related and 5 yrs 
exp. Send resume to 39560 
Stevenson Place, Suite 

Fremont, CA 94539 
May be placed at client 


sites nationwide 


summits 


A 34 year record of quality peo 
ple like you. We know you're in 
demand. So demand the best 
environment for your growth: IT 
consulting with an international 
leader. We're everywhere busi. 
ness and industry are, with 
offices all over the country. Sc 
you've always got a new set of 
challenges, with total support 
We're currently recruiting the fol 
jow professionals, including 
Programmers; Analyst/Progra 
mmers; Database Analysts 
Application Development Spe- 
cialists; Software Engineers. 
Quality Assurance Analyst 
Network Administrators; Oper 
ations Specialists; and Infor 
mation Systems Coordinators 


Find out more about the rewards 
of working with AJILON. To 
apply for positions in any of our 
district offices, please visit our 
website at www.ajilon.com 


AJILON CONSULTING 
An Equal Opportunity Employer 


aaeas add ress? 


COMSYS is an established IT 
consulting firm that serves lead- 
ing corporations including 174 of 


the Fortune 500. With COM: 
SYS, you get: Extensive Ben 


efits, Additional Compensation 
for referrals, and Professional 
Challenges with training and 
assignments to keep you at the 
forefront of technology. With 28 
offices, we need the services of 
experienced consultants across 


the US 


Computer Programmers 
Programmer Analysts 
Systems Anaiys 
Software Eng 

+ User Support Specialists 

+ DBA's 

+ Business Analysts 

* Project Leaders 


Submit resume to 
COMSYS 
3030 LBJ Freeway 
Suite 905 
Dallas, TX 75234 
www.comsys.com 
Fax: 972-960-0914 
EOE/M/F/DV 


Better compensation? 


Better get in here! 


Staff Software Engineer 


Pitney Bowes Inc. has an open- 
ing in its Danbury, Connecticut 
office for a Staff Software 
Engineer. 


Design, develop, maintain and 
support an Automated Doc- 
ument Factory Application in 
J2EE Architecture using: Java 
JSP, Servelets, JRun, Weblogic 
(Planet Servers, Oracle 8i/9i 
Database and Windows NT 
2000/98 OS. Responsible for 
Realtime Data Collection and 
interfacing with Control Systems 
using Sockets, TCP/IP and 
XML Supports the software 
applications and modules 


Must possess at ieast a bache- 
lor’s degree or its equivalent in 
Computer Science or a related 
field and three years of work 
experience as a Programmer. 
Experience must include at least 
three years of experience with 
Java, Java Server Pages. 
Servelets, at least two years of 
experience with Reaitime Data 
Collection, data Consolidation 
across Enterprises using 
Sockets, TCP/IP, XML, JRUN 
Weblogic, {Planet Servers 
Oracle 8i/9i database and 
Windows NT/2000 


Resume and/or cover letter 
must reflect each requirement 
above and specify reference 
code SSE/SK or it will be reject 
ed 


Forward resume to Robbin Drew 
Elliott, Pitney Bowes Inc., One 
Elmcroft Road, Stamford, CT 
06926-0700 


SENIOR SOFTWARE ENGIN 
EER to design, develop, imple- 
ment and maintain web-based 
application software in a client 
server environment using object 
-oriented methodologies, C++ 
Java, Java RMI, J2EE, CORBA 
WebLogic, UML, Oracle and 
TCP/IP under Linux, SUN Sol 
aris and Windows operating sys: 
tems. Require: M.S. degree ir 
Computer Science/Engineering 
or a closely related field with 2 
yrs of exp. in the job offered 
Experience gained before or 
after earning the M.S. degree 
will be accepted. Extensive trav 
on assignment to various 
sites hin the U.S. is 
required. Competitive salary 
offered. Apply by resume to 
Debra VanderMeer, Chutney 
Technologies, inc., 11 Piedmont 
Center, 3495 Piedmont Rd, Ste 
89, Atlanta, GA 30305; Attn 


Software engineer to design 
develop and test computer pro 
grams for business applications. 
analyze software requirements 
to determine feasibility of de- 
sign, direct software system 
testing procedures using exper 
tise in UML, VS.Net, ASP.Net 
ADO, C#, SQL Server and OOP. 
Requirements: Bachelor's De- 
gree, educational or functional 
equivalent, in Computer Science 
or related field and two years 
experience as a software gi- 
neer of computer programmer 
knowledge of UML, VS.Net 
ASP.Net, ADO, C#, SQL Server 
and OOP. Salary: $70,242/year. 
Working Conditions: 8:00 A.M 
to 5:00 P.M., 40 hours/week, in 
volves extensive travel and fre- 
quent relocation. Apply: BECS. 
CareerLink Program Supervisor 
Indiana County CareerLink, 300 
Indian Springs Road, Indiana 
PA 15701, Job No. WEB385479. 


Yoaaemmemee ni nni teed 
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System & Programming Analyst 
Work Sched 8:00AM-5:00PM 40 
hrs/wk. $61,848.80 P/A. Devel- 
op, test, & debug software appli- 
cations using Rapid Application 
Development tool. Develop Gra- 
phical User Interface using Visu- 
al Basic 6.0 programming lan- 
guage, & MS/WINDOWS API 
Design multi-tier client-server 
networking applications using 
software applications including 
Visual Basic, MS Transaction 
Server, SQL Server Database 
Progress Database, & Embarca- 
dero DBArtisan 5.03 tool, imple- 
menting system design with 
Windows Registry & Microsoft 
COM/DCOM concept. Maintain 
software applications that sup- 
port the finance operation to 
process applicants’ information. 
retrieve clients’ financial back- 
ground from credit bureaus to 
determine credit worthiness of 
the client. Analyze & redevelop 
legacy & inefficient existing deal- 
er systems to improve perfor- 
mance. Assist in data migration 
into the production environment 
Work in UNIX & MS-WINDOWS. 
NT computing environment 
Bachelor, Any Information Sys 
tem major. 2 mths exp. in Job or 
Related Occupation of System 
&/or Programming Analyst. 2 
mths. of Related Occupation 
exp. must include design of 
multi-tier client-server network- 
ing applications using Visual 
Basic & MS Transaction Server 
applications, Embarcadero DB- 
Artisan tool, implementing sys- 
tem design with Windows Regis- 
try & Microsoft COM/DCOM 
concept, which may be concur- 
rent with Related Occupation 
exp. Employer Paid Ad. Send 
resume to MDCD, PO Box 
11170, Detroit, MI 48202 
Ref.#212074 


Consultant/Software Engineer. 
Design, develop, implement & 
test software applications for 
business processes. Require 
ment analysis Tools: Java 
JSP; Visual Age; UML 
Websphere Application Deve- 
loper (WSAD). Bachelor's in 
Comp. Sci. or Eng.* + 6 mo. exp 
in job offered or as Programmer 
or Software Developer req'd 
("Bachelor s degree in any eng 
field also acceptable). Previous 
experience must include: Java 
Visual Age; UML. 40 hrs/wk 
$52,000/yr. Must have proof of 
legal authority to work in the US 
Send your resume to the lowa 
Workforce Center, 215 Watson 
Powell Jr. Way, Des Moines, IA 
50309. Please refer to Job 
Order 1A1101844. Employer pd 
ad 


System Integrator 


Responsibilities include con- 
ducting systems analysis, de- 
sign and maintenance, which 
supports the business and I/S 
applications. Participates in sys- 
tem development and integra- 
tion. Coordinates necessary 
system and software changes. 
Consult with leaders on busi 
ness process improvements and 
technology enhancements or 
capabilities. Mentor I/S staff on 
business process and technical 
architecture. Adhere to system 
life cycle processes and compa- 
ny standards, including tools 
processes, networks, systems 
and infrastructure. Demonstrate 
knowledge of business and 
technical infrastructure in per 
forming these functions. Estab 
lish and maintain strong working 
relationships with /S and the 
business units. Bachelor's de- 
gree in MIS, Computer Science 
or related field with a minimum 
of 3 years experience in applica 
tions development and/or tech 
nical business analysis. Must 
have project management and 
planning skills, as well as knowl- 
edge of programming languages 
(e.g. C, Ctt, PowerBuilder, Visu 
al Basic, Java, COBOL, SAS or 
SQL); programming techniques 
- structured or object oriented 
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ity to work in the United States. 
Send your resume to the lowa 
Workforce Center, 215 Watson 
Powell Jr. Way, Des Moines. 
lowa 50309-1727. Please refer 
to Job Order 1A1101798 
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and UNIX operating systems 
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puter Science, Info. Technology 
or a Closely related field with 2 
yrs of exp in the job offered or as 
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travel on assignment to various 
client sites within the US ts 
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offered. Send resume to: John 
Watson, Venturi Partners, Inc 
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Jacksonville, FL 32256; Attn 
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Continued from page 1 
Oracle 


on integration to recover mar- 
ket share, claiming that it’s 
about even on sales with Peo- 
pleSoft. “We’re not giving up 
on what we were saying be- 
fore,” he said during a press 
briefing. “[But] not everyone 
in the world wanted to go that 
way. We’ve got our fair share 
of wins. Now we live in a het- 
erogeneous world.” 

Basheer Khan, a member of 
the independent Oracle Appli- 
cations Users Group and se- 
nior director of the Oracle 
practice at consulting firm 
Vertex Systems Inc., said the 
integration hooks that Oracle 
is adding to its applications 
represent a big step forward. 

“In the past, they’ve been 
going after customers to sell 
them the whole E-Business 
Suite, but they’ve realized 
some customers have invested 
a lot of money in other tech- 
nology,” Khan said. Los Ange- 
les-based Vertex itself plans to 
install Oracle’s financial appli- 
cations later this year to re- 


Continued from page 1 


Emcor 


the first half of last year pack- 
aged tools and Sarbanes-Oxley 
consulting programs that are 
being offered by the Big Four 
accounting firms. 

The cost of developing the 
compliance tracking system 
will be “significantly less” 
than what Emcor would have 
had to pay for off-the-shelf 
software, CIO Joseph Puglisi 
said last week at the compa- 
ny’s headquarters here. Emcor 
also won't have to add any 
hardware, software or storage 
to support the compliance sys- 
tem because it can piggyback 
on an existing Notes installa- 
tion, Puglisi said. 

In addition, the packaged 
applications that Emcor con- 
sidered would have required 


| 
| 
| 
| 
| 





place homegrown software. 
Making integration easier 
by providing built-in hooks to 
other applications offers obvi- 
ous benefits to users, said 
John Graff, vice president of 
marketing at National Instru- 
ments Corp. in Austin. “Look- 
ing at it at the out- 
set, it seems to 
make sense for Or- 
acle to do this,” 
Graff said. National 
Instruments runs 
the marketing and 
telesales modules 
in lli, plus other 
Oracle applications. 
Oracle, which is still trying 
to buy PeopleSoft via a hostile 
takeover bid, has seen the in- 
tegration light relatively late 
compared with some of its top 
business application rivals. 
Market leader SAP AG has 
vigorously promoted its Net- 
Weaver middleware technol- 
ogy for the past two years, 
and PeopleSoft last May an- 
nounced a plan to build con- 
nectors into its applications. 
CRM vendor Siebel Systems 
Inc. has made a big integration 
push with its Universal Ap- 


DATABASE FIGHT | 


Oracle hopes the price of its 
new 10g database will help it 
soft in the 
Windows market 
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take on Mic’ 


| “heavy customization” to meet 


| last August. “We didn’t take 





the company’s business re- 
quirements, said Joseph Cor- 
ris, its manager of financial 
analysis and leader of the 
Notes project. 

Work on the project began 


any shortcuts by developing 
this system ourselves, but we 
will end up saving the compa- 
ny some money as a side ben 
efit,” Corris noted. 

Emcor doesn’t have an in- 
ternal application develop- 
ment team, so it contracted 
with Phoenix-based Brazen 
Technology Inc. to develop 
the Notes database for the 
new system, which is called 
Socrates — short for Sarb-Ox 
Compliance Reporting and 
Tracking Executive System. 

The technology is designed 
to track the financial reporting 
controls used by Emcor’s 85 


| will also leverage adapters and 


| mended that Em- 


| buying Sarbanes-Oxley com- 


NEWS 


plication Network tools. 
Chuck Phillips, one of Ora- 
cle’s two presidents, told re- 
porters the company already 
offers integration technology 


| 


| for lli “but didn’t package it as _ | 
| much as we could have.” 


That’s due to change with 
Version 1li.10 of 
E-Business Suite. 
Oracle said the up- 
grade will make 
hundreds of inte- 
gration hooks 
available as Web 
services, provide a 
repository of its 
application programming in- 


| terfaces and support standard 


interfaces defined by Open 
Applications Group Inc. 

The upgrade, which is 
scheduled to ship by midyear, 


other integration tools built 
into Oracle’s upcoming Appli- 


| cation Server 10g software. 


Likewise, the new Customer 


| Data Hub software will work 


with the application server to 
pull information from pack- 
aged applications other than 
ii. The hub extends lli’s un- 
derlying data model so it can 


business units in the U.S., 


| Canada and the U.K.., as re- 


| Sarbanes-Oxley Act. Emcor 
| currently is working to popu- 
| late the Notes database with 


| 
. 3 Ne | 
quired by Section 404 ofthe =| 


documentation that spells out 


| its internal control procedures 


and the require- 


| ments imposed by 
| the financial re- 


porting law. 
> ic} . 
slisi recom- 
Puglisi recom projects 
cor work with 
Brazen, but he not- 


| ed that the finance depart- 


ment has taken the lead on the 


| project. “The business knew 


what they wanted, and they 


| came to IT for support,” he 


said. “It’s not my project, but 

we can support it from an in- 

frastructure standpoint.” 
Most large companies are 


For full coverage of Sarbanes- 
Oxley compliance issues and IT 
go online 
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support mixed software instal- 
lations and ones that don’t in- 


| clude any of Oracle’s applica- 


tions, company officials said. 
IHOP Corp. plans to go live 
with Customer Data Hub in 
March, said Patrick Piccinin- 
no, vice president of IT at the 
Glendale, Calif.-based restau- 
rant franchiser. IHOP wants to 
tie together its systems, which 
include ERP software from 
Lawson Software Inc. and var- 
ious Oracle applications, to 


| get better information about 
| customer spending habits. 


“We have four or five views 
of what the customer looks 
like,” Piccininno said. “We’re 
trying to drive to a single 
source of truth with this.” 

The integration about-face 
shows that Oracle has become 


| “much more grounded in the 


reality of today’s systems,” 
said David Dobrin, an analyst 
at B2B Analysts Inc. in Cam- 
bridge, Mass. But, he added, 
“Oracle is slowly, slowly losing 
ground against its competi- 
tion, both in mind share and 
market share, and it does not 
appear that the tide has 
turned.” @ 44431 


pliance tools, although some 
have developed their own sys- 
tems “as a stopgap measure” 
until packaged tools become 
more mature, said John Van 
Decker, an analyst at Meta 


| Group Inc. 


But Troy Edgar, president 
and CEO of 
Global Conduc- 
tor Solutions 
Group, a man- 
agement con- 
sulting firm 
based in Los 

- Alamitos, Calif., 

said that companies like Em- 

cor with annual revenue in the 
range of $1 billion to $5 billion 
are tending to build home- 
grown systems. 

After Brazen completed an 
initial iteration of the Notes 
system in September, Emcor 
recommended some nomen- 


| clature changes to the data- 
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E-BUSINESS SUITE 111.10: 

= Exposes more than 800 
“integration points” as Web 
services to facilitate links to other 
systems. 


= Adds a repository that cata- 
logs the APIs published by the 
company for the software. 


= Includes native support for 


more than 150 business-object 
interfaces created by the OAG. 


= Provides increased support for 
industry-specific integration 
protocols, such as RosettaNet 
and HL7. 


CUSTOMER DATA HUB: 

= Consolidates customer data 
from Oracle’s applications and 
other systems into a single 
repository. 


= Provides real-time data ac- 
cess to information without 

requiring users to move the in- 
formation to a data warehouse. 


= |ncludes data quality tools 
for use in developing, formatting 
and maintaining customer data- 
bases. 


base’s template “to make it 
more audit-friendly,” Corris 
said. Emcor also asked Brazen 
to develop additional end-user 
screens, such as views of ma- 
jor customer accounts. 

A second version of the sys- 
tem was completed in late No- 
vember. Emcor expects the 
upcoming tests of the controls 
documentation at its operat- 
ing units to take until Septem- 


| ber to finish, Corris said. 


To comply with Sarbanes- 
Oxley, the system needs to be 
completed by the time Em- 
cor’s fiscal year closes on Dec. 
31. With the site testing not 
due to be completed until just 
three months before the dead- 
line, meeting the rollout 
schedule “is going to be a 


| crunch,” Corris said. “But that 


still gives us some extra cush- 
ion for any final revisions that 


might be needed.” @ 44432 
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What Users Want 


HAT DO USERS WANT FROM IT? Usually it’s not 
that hard to figure out. It’s not even unreasonable. 
Sure, some live for interdepartmental politics. 
And some would rather fight with IT people than 
do business. But most users are more interested 
in getting their jobs done — efficiently, effectively and with a mini- 


mum of stumbling over technology. 


Funny thing: That’s what you'd like for them, too. And if you can 
understand the things they want, you just might cut out many of the 


problems you have when users and IT collide. 
So what do they want? 
Users want technology to just work. But they 
know it won’t always. When things fail, they 


want IT to recover quickly. When possible, they 


want advance warning. If they can’t have that, 
they want to hear the bad news from you before 
they waste time and effort pounding away on 
systems that have died. 

Users want explanations in business terms. 
They want to know how much it will cost, how 
long it will take and how it changes what they 
do. They don’t know latency from legacies 
or virtualization from validation, and they 
shouldn’t need to. Keep trying to get your ex- 
planations down to dollars and schedules and 
business processes. If they want the technology 
jargon — and yes, some users really do get into 
geekspeak — they'll ask for it. 

Users don’t want to be told no. They want to 


be told how much their ideas will cost, what the 


consequences of doing it their way will be, and 
what they’ll have to give up to have it their way. 
That way, they can decide for themselves that 
their terrible idea really should be deep-sixed. 
Users want all the bugs to be out of your ap- 
plications. But they use commercial software 
too, so they know software is buggy. 
If they have to live with bugs, they 
want to know where the land mines 
are — like, say, the help key that 
wipes out the last 15 minutes’ worth 
of data entry on some screens. If 
those land mines are mapped in 
documentation and training, users 
can work around them instead 
of watching them blow up in 
their faces. 
Users want the ability to recover 
from mistakes. That means backing 
out one step at a time without los- 
ing data. And rolling back transac- 





tions cleanly. And stopping processes that 
are in progress. Users know they’ll make mis- 
takes. They know it will take time to correct 
them. They just don’t want an easy-to-make 
mistake to be catastrophic — or take forever 
to reverse out. 

Users want systems that get them from the 
beginning to the end of a process in the shortest 
time. It’s not just about response time, but the 
total time it takes. They'll wait 10 seconds for 
data to populate a screen if that means they 
don’t have to crawl through 10 screens that take 
two seconds each to click through. 

Users want security to be invisible. They 
don’t want to keep track of a half-dozen pass- 
words, or worry about viruses in e-mail attach- 
ments, or have security get in the way of any- 
thing they do. They want you to stitch security 
into your systems so they don’t have to remem- 
ber to follow rules. 

Users don’t want things to change. Their 
habits make them efficient. They don’t like new 
systems that break those habits unnecessarily. 

Users want courtesy from IT people. An in- 
expensive “please” or “thanks” or “I’m sorry” 
buys a lot of cooperation from them. And re- 
member, even the densest user can detect sar- 

casm and irony. They want you to 
at least sound sincere. If you can 
fake that, it goes a long way. 

Users want ... whatever they 
want. You’ll never know what that 
is — or if you can deliver it — by 
guessing, assuming or abstracting 
from current system usage. You'll 
have to ask — politely, persistently 
and keeping in mind that they 
don’t like talking to you any more 
than you like talking to them 

Because users do know what 
they want. And when you ask, you 
will too. @ 44401 
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Unclear on the Concept 


This company moves its call center to what used to be 
a bank, and the fireproof walk-in safe seems like the 
ideal place to store backup tapes. But when a fire guts 
the place, IT pilot fish is stunned to discover the tapes 
melted - and a charred block of wood wedged in the 
safe’s doorway. “We ran out of space for stationery,” 
explains the call center manager, “so we stored it in 
the safe. But some of the girls had a hard time open- 
ing the heavy safe door, so we thought we'd just 
wedge it open.” 
Verified “combing her 
IT security pilot SHARK long, blonde 
witvaproben TANK. tate ton ask 
with a problem ing the top 
report but is ee drawer window 
stymied because he’s: as a mirror.” 
not on the “verified : 
callers” list. Youneed | Working Around 
someone on the list to - Pilot fish reports this 
vouch for you, says ven- : e-mail from a sysadmin 
dor tech, who then reads : to all employees: “I no- 
off some names. “I went : ticed that the closet that 
down the hall to get one: houses the circuit box 
of these folks, who came : that powers the outlets 
back to the phone and _: in the server room is 
said it was OK to take —_: open, with a fan blowing 
the call from me,” says: on the power panel. Giv- 
fish. Then fish asks tech : en that this circuit box 
how he knew fish didn’t : has shut down twice in 
just fake the “verified = the past six weeks, | 
caller.” “He said verify- : would recommend that 
ing a verified caller isn't: you save your work fre- 
in their procedure,” fish : quently today.” 
says. “Only verifying un- : 
verified callers is.” : Making Do 

: This VP is brilliant, but 
Looking Good : extremely messy, says IT 
it’s the 1970s, and this : pilot fish - “every inch of 
mainframe pilot fish ? her desk was covered in 
can’t figure out why the : : papers.” When she com- 
removable disk drives in : plains that her mouse 
one cabinet keep crash- : works erratically, fish 
ing. “Some of the dam- | can see why: She's us- 
aged disk packs are sent j me einen st 
out for analysis, andthe | papers as a mouse pad. 
report points out for- | Fish clears a space so 
eign-object contamina- : VP can use a mouse pad 
tion - specifically, hair,” © on her desk surface. 
says fish. A week later, j “Sha locked ot U for a 
a night-shift technician few seconds,” fish re- 
spots the likely cause. | ports, “put the stack of 
“One computer operator papers back where it 
was in front of the ee aiaa oe 
cat roe dk cab ae 
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BrightStor’ ARCserve® Backup Release 11 


When it comes to data backup and recovery, you want a reliable, high-performance solution you 
can count on. That's why we've created BrightStor ARCserve Backup Release 11, featuring the 
very latest in storage innovations. BrightStor ARCserve Backup is faster and easier than ever, 
enhancing both efficiency and productivity. And with CA's superior technology, you can be 
confident your files are properly backed up and will easily be restored should a disaster occur. 


For more information, go to ca.com/storage/arcserve. 
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